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Series Foreword 


Theoretical computer science has now undergone several decades of development. The 
“classical 5 ' topics of automata theory, formal languages, and computational complexity 
have become firmly established, and their importance to other theoretical work and to 
practice is widely recognized. Stimulated by technological advances, theoreticians have 
been rapidly expanding the areas under study, and the time delay between theoreti¬ 
cal progress and its practical impact has been decreasing dramatically. Much publicity 
has been given recently to breakthroughs in cryptography and linear programming, and 
steady progress is being made on programming language semantics, computational ge¬ 
ometry, and efficient data structures. Newer, more speculative, areas of study include 
relational databases, VLSI theory, and parallel and distributed computation. As this list 
of topics continues expanding, it is becoming more and more difficult to stay abreast 
of the progress that is being made and increasingly important that the most significant 
work be distilled and communicated in a manner that will facilitate further research and 
application of this work. By publishing comprehensive books and specialized monographs 
on the theoretical aspects of computer science, the series on Foundations of Computing 
provides a forum in which important research topics can be presented in their entirety 
and placed in perspective for researchers, students, and practitioners alike. 


Michael R. Garey 
Albert R. Meyer 




Preface 


This book is a general introduction to computability and complexity theory. It should 
be of interest to beginning programming language researchers who are interested in com¬ 
putability and complexity theory, or vice versa. 

The view from Olympus 

Unlike most fields within computer science, computability and complexity theory deals 
with analysis as much as with synthesis and with some concepts of an apparently ab¬ 
solute nature. Work in logic and recursive function theory spanning nearly the whole 
century has quite precisely delineated the concepts and nature of effective procedures, 
and decidable and semi-decidable problems, and has established them to be essentially 
invariant with respect to the computational device or logical theory used. 

Surprisingly, a few similarly invariant concepts have also arisen with respect to com¬ 
putations within bounded resources: polynomial time (as a function of a decision prob¬ 
lem’s input size), polynomial storage, computation with or without nondeterminism: the 
ability to “guess,” and computation with “read-only” data access. 

Computability and complexity theory is, and should be, of central concern for practi¬ 
tioners as well as theorists. For example, “lower complexity bounds” play a role analogous 
to channel capacity in engineering: No matter how clever a coding (in either sense of the 
word) is used, the bound cannot be overcome. 

Unfortunately, the field is well-known for impenetrable fundamental definitions, 
proofs of theorems, and even statements of theorems and definitions of problems. In my 
opinion this owes to some extent to the history of the field, and that a shift away from 
the Turing machine- and Godel number-oriented classical approaches toward a greater 
use of concepts familiar from programming languages will render classical computability 
and complexity results more accessible to the average computer scientist, and can make 
its very strong theorems more visible and applicable to practical problems. 

This book covers classical models of computation and central results in computability 
and complexity theory. However, it differs from traditional texts in two respects: 

1. It is significantly more accessible, without sacrificing precision. This is achieved by 
presenting the theory of computability and complexity using programming tech- 
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niques and motivated by programming language theory. 1 

2. It relieves some tensions long felt between certain results in complexity theory and 
daily programming practice. A better fit is achieved by using a novel model of 
computation, differing from traditional ones in certain crucial respects. 

Further, many of the sometimes baroque constructions of the classical theory become 
markedly simpler in a programming context, and sometimes even lead to stronger theo¬ 
rems. A side effect is that many constructions that are normally only sketched in a loose 
way can be done more precisely and convincingly. 


The perspective of the book 

For those already familiar with computability and complexity theory, the two points 
above can be somewhat elaborated. 

As for the first point, I introduce a simple imperative programming language called 
WHILE, in essence a small subset of Pascal or LISP. The WHILE language seems to have 
just the right mix of expressive power and simplicity. Expressive power is important when 
dealing with programs as data objects. The data structures of WHILE are particularly 
well suited to this, since they avoid the need for nearly all the technically messy tasks of 
assigning Godel numbers to encode program texts and fragments (used in most if not all 
earlier texts), and of devising code to build and decompose Godel numbers. Simplicity is 
also essential to prove theorems about programs and their behavior. This rules out the 
use of larger, more powerful languages, since proofs about them would be too complex 
to be easily understood. 

More generally, I maintain that each of the fields of computability and complexity 
theory, and programming languages and semantics has much to offer the other. In the 
one direction, computability and complexity theory has a breadth, depth, and generality 
not often seen in programming languages, and a tradition for posing precisely defined 
and widely known open problems of community-wide interest. Also, questions concerning 
the intrinsic impossibility or infeasibility of programs solving certain problems regarding 
programs should be of interest to programming language researchers. For instance, many 
problems that turn up in the field of analysis and transformation of programs turn out 
to be undecidable or of intractably high complexity. 

1 Dana Scott was an early proponent of programming approach to automata [161], but it has not yet 
been widely used. 
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In the other direction, the programming language community has a firm grasp of 
algorithm design, presentation and implementation, and several well-developed frame¬ 
works for making precise semantic concepts over a wide range of programming language 
concepts, e.g., functional, logic, and imperative programming, control operators, com¬ 
munication and concurrency, and object-orientation. Moreover programming languages 
constitute computation models some of which are more realistic in certain crucial aspects 
than traditional models. 

A concrete connection between computability and programming languages: the dry- 
as-dust “s-m-n theorem” has been known in computability since the 1930s, but seemed 
only a technical curiosity useful in certain proofs. Nonetheless, and to the surprise of 
many people, the s-m-n theorem has proven its worth under the alias partial evaluation or 
program specialization in practice over the past 20 years: when implemented efficiently, 
it can be used for realistic compiling , and when self-applied it can be used to generate 
program generators as well. 

Another cornerstone of computability, the “universal machine,” is nothing but a self¬ 
interpreter , well-known in programming languages. Further, the “simulations” seen in 
introductory computability and complexity texts are mostly achieved by informal com¬ 
pilers or, sometimes, interpreters. 

As for the second point above, a tension has long been felt between computability 
and complexity theory on the one hand, and “real computing” on the other. This is at 
least in part bacause one of the first results proven in complexity is the Turing machine 
speedup theorem , which asserts a counterintuitive (but true) fact: that any Turing ma¬ 
chine program running in superlinear time can be replaced by another running twice as 
fast in the limit. 2 The existence of efficient self-interpreters in programming language 
theory leads to the opposite result: a hierarchy theorem showing, for a more realistic 
computing model than the Turing machine, that constant time factors do matter. More 
precisely, given time bound /(n), where n measures the size of a problem input, there 
are problems solvable in time (1 + e)/(n) which cannot be solved in time f(n). Thus 
multiplying the available computing time by a constant properly increases the class of 
problems that can be solved. 

This and other examples using programming language concepts lead (at least for 
computer scientists) to more understandable statements of theorems and proofs in com¬ 
putability and complexity, and to stronger results. Further new results include “intrinsic” 
characterizations of the well-known problem classes LOGSPACE and PTIME on the basis 

2 The tension arises because the “trick” used for the Turing machine construction turns out to be 
useless when attempting to speed up real computer programs. 
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of program syntax alone, without any externally imposed space or time bounds. 

Finally, a number of old computability and complexity questions take on new life 
and natural new questions arise. An important class of new questions (not yet fully 
resolved) is: what is the effect of the programming styles we employ, i.e., functional style, 
imperative style, etc., on the efficiency of the programs we write? 


How to read this book 

If used as an introduction to computability (recursive function) theory, parts I—III are 
relevant. If used as an introduction to complexity theory, the relevant parts are I, IV, 
and V, and chapters 6 through 8. The book contains approximately two semesters 5 worth 
of material which one can “mix and match 55 to form several courses, for instance: 

Introduction to computability (1 semester): chapters 1 through 8, chapter 10, per¬ 
haps just skimming chapter 6; and as much of chapters 9, and 11 through 14, as 
time and interest allow. 

Introduction to complexity (1 semester): Quickly through chapters 1, 2, 3, 4, 7, 8; 
then chapters 15 through 19, chapters 21 through 23, and 25 through 27; and as 
much of the remainder as time and interest allow. 

Computability and complexity (2 semesters): the whole book. 

Exercises. Numerous exercises are included, some theoretical and some more oriented 
toward programming. An asterisk * marks ones that are either difficult or long (or both). 

Correction of errors and misprints. Reports of errors and misprints may be sent to the 
author by e-mail, at neil@diku.dk. A current list may be found at Worldwide Web 
URL http://www.diku.dk/users/neil/. 

Overall comments. Practically minded students may find chapter 6 of particular in¬ 
terest, since it describes application of the s-m-n theorem, widely called partial evaluation , 
to compiling and compiler generation. Theoretically or philosophically minded students 
may find chapter 12 of particular interest because of its connections with Godel’s theo¬ 
rem. Chapter 20 clarifies the question of the existence of “best 55 or optimal programs: 
Levin’s theorem proves that search problems whose solutions can be efficiently checked 
possess near-optimal algorithms. In contrast, Blum’s speedup theorem shows that there 
exist problems which , in a very strong sense, possess no optimal algorithm at all. 
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Goals, and chapters that can be touched lightly on first reading. The book's overall 
computability goals are first: to argue that the class of all computably solvable prob¬ 
lems is well-defined and independent of the computing devices used to define it, and sec¬ 
ond: carefully to explore the boundary zone between computability and uncomputability. 
Its complexity goals are analogous, given naturally defined classes of problems solvable 
within time or memory resource bounds. 

The Church-Turing thesis states that all natural computation models are of equivalent 
power. Powerful evidence for it is the fact that any two among a substantial class 
of computation models can simulate each other. Unfortunately, proving this fact is 
unavoidably complex since the various computation models must be precisely defined, 
and constructions must be given to show how an arbitrary program in one model can be 
simulated by programs in each of the other models. 

Chapters 7 and 8 do just this: they argue for the Church-Turing thesis without 
considering the time or memory required to do the simulations. Chapters 16, 17 and 18 
go farther, showing that polynomial time-bounded or space-bounded computability are 
similarly robust concepts. 

Once the Church-Turing thesis has been convincingly demonstrated, a more casual 
attitude is quite often taken: algorithms are just sketched, using whichever model is most 
convenient for the task at hand. The reader may wish to anticipate this, and at first 
encounter may choose only to skim chapters 7, 8, 16, 17 and 18. 

Prerequisites 

The reader is expected to be at the beginning graduate level having studied some theory, 
or a student at the senior undergraduate level with good mathematical maturity. Specif¬ 
ically, the book uses sets, functions, graphs, induction, and recursive definitions freely. 
These concepts are all explained in an appendix, but the appendix may be too terse 
to serve as a first introduction to these notions. Familiarity with some programming 
language is a necessity; just which language is much less relevant. 


Novel aspects, in a nutshell 

Classical computability results in this book include unsolvability of the halting problem 
and several other natural problems, including context-free ambiguity and Hilbert’s Tenth 
Problem; Rice’s result that all nontrivial extensional program properties are undecidable; 
characterizations of the recursive functions, and recursive and recursively enumerable 
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sets; Kleene’s s-m-n, second recursion, and normal form theorems; recursion by fixpoints; 
Rogers’ isomorphism theorem; and Godel’s incompleteness theorem. 

Classical complexity results include study of the hierarchy of classes of problems: 
LOGSPACE, NLOGSPACE, PTIME, NPTIME, PSPACE; the robustness of PTIME, PSPACE and 
LOGSPACE; complete problems for all these classes except the smallest; the speedup and 
gap theorems from Blum’s machine-independent complexity theory. 

In contrast with traditional textbooks on computability and complexity, this treat¬ 
ment also features: 

1. A language of WHILE programs with LISP-like data. Advantages: programming 
convenience and readability in constructions involving programs as data; and free¬ 
dom from storage management problems. 

2. Stronger connections with familiar computer science concepts: compilation (sim¬ 
ulation), interpretation (universal programs), program specialization (the s-m-n 
theorem), existence or nonexistence of optimal programs. 

3. Relation of self-application to compiler bootstrapping. 

4. Program specialization in the form of partial evaluation to speed programs up, or 
to compile and to generate compilers by specialising interpreters. 

5. Speedups from self-application of program specializes. 

6. Simpler constructions for “robustness” of fundamental concepts, also including 
functional languages and the lambda calculus. 

7. A construction to prove Kleene’s second recursion theorem that gives more efficient 
programs than those yielded by the classical proof. 

8. Proof that “constant time factors do matter” for a computation model more realistic 
than the Turing machine, by an unusually simple and understandable diagonaliza- 
tion proof. 

9. A new and much more comprehensible proof of Levin’s important result on the 
existence of optimal algorithms; 

10. Intrinsic characterizations of the problem classes LOGSPACE and PTIME by restricted 
WHILE programs. 

11. The use of programs manipulating boolean values to characterize “complete” or 
hardest problems for the complexity classes mentioned above. 

Items 7 through 11 above appear here for the first time in book form. 
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What is not considered 

There are numerous things in the enormous realm of complexity and computability theory 
that I have chosen not to include at all in the present text. A list of some of the most 
obvious omissions: 

• Parallelism. In the present text all computation models are sequential in the sense 
that only one operation can be executed at a time. Many models of parallel com¬ 
putation have been suggested in the literature; overviews by Karp and Valiant may 
be found in [96, 171]. 

• Approximate solutions. Another approach to solving problems whose algorithms 
have prohibitively long running times, is to devise a quicker algorithm which does 
not always give the correct answer, but only an approximate solution. Examples 
include numerous algorithms testing properties of graphs, e.g. by Johnson and Kann 

[73, 94]. 

• Stochastic algorithms. Some problems seem only to be solvable by programs that 
have prohibitively long running times. In some cases, it is possible to derive an 
algorithm using random numbers which runs faster, but which only returns a cor¬ 
rect result with a certain probability more than 0.5, but less than 1. Often the 
probability of correctness can be increased to 1 — e for any 1 > e > 0 by repeat¬ 
edly running the program. Such algorithms are called stochastic or probabilistic. 
Examples include testing whether a given number is a prime, e.g., by Rabin [148]. 

• Nonuniform complexity, circuits, cell probe models. Lower bounds on computation 
time or space are often extremely difficult to obtain. Sometimes these can be 
obtained more easily by abstracting away from the algorithm altogether, and just 
concentrating on a problem’s combinatorial aspects. In terms of computational 
models, this amounts to allowing different computational methods (e.g. different 
circuits) for different sizes of inputs. Progress has been made in this direction, e.g., 
by Hastad [66] and by Miltersen [130]. 

• Computing with real numbers. In the present text all computation models are 
concerned with countable data structures, but models of computation with real 
numbers also exist, e.g., by Blum, Shub and Smale [13]. 

• Communicating systems. The view of computation as a continuing and nontermi¬ 
nating exchange of information among a set of active agents has been developed 
by Milner and others [128], but is beyond the scope of this book. 
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Toward the Theory 




1 Introduction 


This book is about computability theory and complexity theory. In this first chapter we 
try to convey what the scope and techniques of computability and complexity theory 
are. We are deliberately informal in this chapter; in some cases we will even introduce a 
definition or a proposition which is not rigorous, relying on certain intuitive notions. 

The symbol will be used to mark these definitions or propositions. All such 
definitions and propositions will be reintroduced in a rigorous manner in the subsequent 
chapters before they occur in any development. 

Section 1.1 explains the scope and goals of computability theory. Sections 1.2-1.3 
concern questions that arise in that connection, and Section 1.4 gives examples of tech¬ 
niques and results of computability theory. Section 1.5 describes the scope and goals of 
complexity theory. Section 1.6 reviews the historical origins of the two research fields. 
Section 1.6 contains exercises; in general the reader is encouraged to try all the exercises. 
Section 1.6 gives more references to background material. 

A small synopsis like this appears in the beginning of every chapter, but from now 
on we will not mention the two sections containing exercises and references. 


1.1 The scope and goals of computability theory 

Computability theory asks questions such as: do there exist problems unsolvable by any 
effective procedure — unsolvable by any program in any conceivable programming lan¬ 
guage on any computer? 

Our programming intuitions may indicate a no answer, based on the experience that 
once a problem is made precise in the form of a specification, it is a more or less routine 
task to write a program to satisfy the specification. Indeed, a related intuition predomi¬ 
nated the work of Hilbert on the foundations of mathematics, as explained in section 1.6: 
they conjectured that all of mathematics could be axiomatized. However, we shall see 
that both of these intuitions are disastrously wrong. There are certain problems that 
cannot be solved by effective procedures. 

To prove this, we must make precise what is meant by an effective procedure and 
what is meant by a problem. It is not a priori obvious that any single formalization of 
effective procedure could be adequate; it might seem that any specific choice would be 
too narrow because it would exclude computing devices with special capabilities. Thus, 
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different formalizations might lead to different theories of computability. However, one 
of the great insights of computability theory was the gradual realization in the 1930’s 
that any reasonable choice of formalization of the notion of effective procedure leads, in 
a certain sense, to the same theory. This has been called the Church-Turing thesis , since 
Alonzo Church and Alan M. Turing first formulated and substantiated versions of this 
insight. Explaining why different formalizations lead to the same theory is itself one of 
the topics of computability theory; we thus devote considerable effort to the matter. 

Granted precise definitions of the notions of problem and effective procedure, com¬ 
putability theory is concerned with the boundary between computability and uncom¬ 
putability, and addresses questions such as: 

• Can every precisely stated problem be solved by some effective procedure? 

• What is the class of problems that can be solved by effective procedures and its 
basic properties? 

• What is the relationship between various problems that cannot be solved by effec¬ 
tive procedures? 

If a problem can be solved by an effective procedure we shall say that is effectively 
solvable , or sometimes just solvable. The result that a certain computational problem is 
unsolvable is not a purely negative fact; for instance, it conveys the important knowledge 
that searching for an effective procedure to solve the problem is futile. This may indicate 
that one should try to find an approximate, solvable, solution to the problem at hand 
instead of trying to solve the exact, but unsolvable, problem. 

In the next two sections we discuss formalization of the notions of effective proce¬ 
dure and problem. After this, we present, informally, some of the elementary results of 
computability theory, including two precisely stated problems which are unsolvable. 

1.2 What is an effective procedure? 

There are various strategies one can employ in formalizing the notion of effective proce¬ 
dure. Of course, we are free to define notions as we please, but the definitions should 
capture the intuitive notion of effective procedure; for example, it should not be the case 
that some problem is unsolvable according to our theory, but nevertheless can be solved 
on a real-world computer. 

Therefore it will be useful to try and analyze the notion of effective procedure and 
devise a formalization so that every intuitively effective procedure can be carried out in 
the formalism, and such that all the formalism’s computations are effective. 
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1.2.1 Alan Turing’s analysis of computation 

Alan Turing’s analysis attempting to formalize the class of all effective procedures was 
carried out in 1936 [170], resulting in the notion of a Turing machine. Its importance is 
that it was the first really general analysis to understand how it is that computation takes 
place, and that it led to a convincing and widely accepted abstraction of the concept of 
effective procedure. 

It is worth noting that Turing’s analysis was done before any computers more powerful 
than desk calculators had been invented. His insights led, more or less directly, to John 
von Neumann’s invention in the 1940’s of the stored program digital computer, a machine 
with essentially the same underlying architecture as today’s computers. 

We give the floor to Turing. Note that by a “computer” Turing means a human who 
is solving a computational problem in a mechanical way, not a machine. 

Computing is normally done by writing certain symbols on paper. We may suppose 
this paper is divided into squares like a child’s arithemetic book. In elementary 
arithmetic the two-dimensional character of the paper is sometimes used. But such 
a use is always avoidable, and I think that it will be agreed that the two-dimen¬ 
sional character of paper is no essential of computation. I assume then that the 
computation is carried out on one-dimensional paper, i.e., on a tape divided into 
squares. I shall also suppose that the number of symbols which may be printed 
is finite. If we were to allow an infinity of symbols, then there would be symbols 
differing to an arbitrarily small extent 1 . The effect of this restriction of the number 
of symbols is not very serious. It is always possible to use sequences of symbols in 
the place of single symbols. Thus an Arabic numeral such as 17 or 999999999999999 
is normally treated as a single symbol. Similarly in any European language words 
are treated as single symbols (Chinese, however, attempts to have an enumerable 
infinity of symbols). The differences from our point of view between the single and 
compound symbols is that the compound symbols, if they are too lengthy, cannot 
be observed at one glance. This is in accordance with experience. We cannot tell 
at a glance whether 9999999999999999 and 999999999999999 are the same. 

The behaviour of the computer at any moment is determined by the symbols which 

1 If we regard a symbol as literally printed on a square we may suppose that the square is 0 < x < 
1, 0 < y < 1. The symbol is defined as a set of points in this square, viz. the set occupied by printer’s 
ink. If these sets are restricted to be measurable, we can define the “distance” between two symbols as 
the cost of transforming one symbol into the other if the cost of moving a unit area of printer’s ink unit 
distance istoward unity, and there is an infinite supply of ink at x = 2,y = 0. With this topology the 
symbols form a conditionally compact space. [Turing’s note]. 
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he is observing, and his “state of mind” at that moment. We may suppose that 
there is a bound B to the number of symbols or squares which the computer can 
observe at one moment. If he wishes to observe more, he must use successive 
observations. We will also suppose that the number of states of mind which need 
be taken into account is finite. The reasons for this are of the same character as 
those which restrict the number of symbols. If we admitted an infinity of states 
of mind, some of them will be “arbitrarily close” and will be confused. Again, the 
restriction is not one which seriously affects computation, since the use of more 
complicated states of mind can be avoided by writing more symbols on the tape. 
Let us imagine the operations performed by the computer to be split up into “simple 
operations” which are so elementary that it is not easy to imagine them further 
divided. Every such operation consists of some change of the physical system 
consisting of the computer and his tape. We know the state of the system if we 
know the sequence of symbols on the tape, which of these are observed by the 
computer (possible with a special order), and the state of mind of the computer. 
We may suppose that in a simple operation not more than one symbol is altered. 
Any other changes can be split up into simple changes of this kind. The situation 
in regard to the squares whose symbols may be altered in this way is the same as 
in regard to the observed squares. We may, therefore, without loss of generality, 
assume that the squares whose symbols are changed are always “observed” squares. 
Besides these changes of symbols, the simple operations must include changes of 
distribution of observed squares. The new observed squares must be immediately 
recognizable by the computer. I think it is reasonable to suppose that they can only 
be squares whose distance from the closest of the immediately previously observed 
squares does not exceed a certain fixed amount. Let us say that each of the new 
observed squares is within L squares of an immediately previously observed square. 
In connection with “immediate recognizability,” it may be thought that there are 
other kinds of squares which are immediately recognizable. In particular, squares 
marked by special symbols might be taken as immediately recognizable. Now if 
these squares are marked only by single symbols there can be only a finite number of 
them, and we should not upset our theory by adjoining these marked squares to the 
observed squares. If, on the other hand, they are marked by a sequence of symbols, 
we cannot regard the process of recognition as a simple process. This is a funda¬ 
mental point and should be illustrated. In most mathematical papers the equations 
and theorems are numbered. Normally the numbers do not go beyond (say) 1000. 
It is, therefore, possible to recognize a theorem at a glance by its number. But if 
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the paper was very long, we might reach Theorem 157767733443477; then, further 
on in the paper, we might find “... hence (applying Theorem 157767733443477) we 
have ..." In order to make sure which was the relevant theorem we should have to 
compare the two numbers figure by figure, possible ticking the figures off in pencil 
to make sure of their not being counted twice. If in spite of this it is still thought 
that there are other “immediately recognizable” squares, it does not upset my con¬ 
tention so long as these squares can be found by some process of which my type of 
machine is capable. 

The simple operations must therefore include: 

(a) Changes of the symbol on one of the observed squares. 

(b) Changes of one of the squares observed to another square within L squares of 
one of the previously observed squares. 

It may be that some of these changes necessarily involve a change of state of mind. 
The most general single operation must therefore be taken to be one of the following: 

(A) A possible change (a) of symbol together with a possible change of state of 
mind. 

(B) A possible change (b) of observed squares, together with a possible change of 
state of mind. 

The operation actually performed is determined, as has been suggested [above] by 
the state of mind of the computer and the observed symbols. In particular, they 
determine the state of mind of the computer after the operation. 

We may now construct a machine to do the work of this computer. To each state 
of mind of the computer corresponds an “m-configuration” of the machine. The 
machine scans B squares corresponding to the B squares observed by the computer. 
In any move the machine can change a symbol on a scanned square or can change 
any one of the scanned squares to another square distant not more than L squares 
from one of the other scanned squares. The move which is done, and the succeeding 
configuration, are determined by the scanned symbol and the ra-configuration. The 
machines just described do not differ very essentially from computing machines as 
defined (previously) and corresponding to any machine of this type a computing 
machine can be constructed to compute the same sequence, that is to say the 
sequence computed by the computer. 
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1.2.2 The Church-Turing thesis 

The machines mentioned in Turing’s analysis are called Turing machines. The wide- 
ranging identification of the intuitive notion of effective procedure with the mathematical 
concept of Turing machine (and related identifications) has become well-known as the 
Church-Turing thesis , named after Church and Turing, two pioneers of computability 

[170, 22, 23]. 

The thesis is not amenable to mathematical proof since it identifies an intuitive no¬ 
tion with a mathematical concept; however we shall provide various kinds of evidence 
supporting it. In one direction this is easy: the Turing machine (as well as other computa¬ 
tional models we will introduce) is sufficiently simple that its computations are certainly 
effective in any reasonable sense. In the other direction, Turing’s analysis is a rather 
convincing argument for the Turing machine’s generality. 

There are many other notions of effective procedure than Turing machines, e.g., 

• Recursive functions as defined by Kleene [98] 

• The lambda calculus approach to function definitions due to Church [22, 23]. 

• Random access machines [163] 

• Markov algorithms [115] 

Despite considerable differences in formalism, some common characteristics of these no¬ 
tions are [155]: 

1. An effective procedure is given by means of a set of instructions of finite size. There 
are only finitely many different instructions. 

2. The computation is carried out in a discrete stepwise fashion, without the use of 
continuous methods or analogue devices. 

3. The computation is carried out deterministically, without resort to random methods 
or devices, e.g., dice. 

4. There is no a priori fixed bound on the amount of “memory” storage space or time 
available, although a terminating computation must not rely on an infinite amount 
of space or time. 

5. Each computational step involves only a finite amount of data. 

All of the above notions of effective procedure have turned out to be equivalent. In view 
of this, the Church-Turing thesis is sometimes expressed in the following form: 

1. All reasonable formalizations of the intuitive notion of effective computability are 
equivalent; 
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2. Turing machine computability is a reasonable formalization of effective computabil¬ 
ity. 

In support of this, later chapters will consider a number of formalizations and prove 
them equivalent. For the remainder of this chapter the notion of an effective procedure, 
or algorithm , will remain intuitive. 

1.2.3 Are algorithms hardware or software? 

Discussions of the question whether algorithms are hardware of software resemble those 
of whether the chicken or the egg came first, but are nonetheless worthwhile since much 
literature on computability, and especially on complexity theory, is implicitly biased 
toward one or the other viewpoint. For example, the phrase “Turing machine” carries 
overtones of hardware, and the “states of mind” of Turing’s argument seem to correspond 
to machine states. 

The hardware viewpoint states that an algorithm is a piece of machinery to realize 
the desired computations. The “set of instructions” is a specification of its architec¬ 
ture. At any one point in time a total machine state comprises the instruction it is 
currently executing and its memory state. Larger algorithms correspond to larger pieces 
of hardware. 

The problem of not limiting the amount of storage can be handled several ways: 

• Assume given an infinite separate storage unit, e.g., Turing’s “tape”; 

• Assume an idealized hardware which is indefinitely expandable, though always 
finite at any one point in time; or 

• Work with an infinite family of finite machines Mi,M 2 ,..., so larger input data is 
processed by larger machines. 

The last way corresponds to what is often called circuit complexity . One usually requires 
the sequence Mi, M 2 ,... to be uniform , so progressively larger data are not processed by 
completely disparate machines. 

The software viewpoint states that the algorithm is a set or sequence of instructions. 
For instance an algorithm can simply be a program in one’s favorite programming lan¬ 
guage. The “computing agent” then interprets the algorithm; it can be a piece of hard¬ 
ware, or it can be software: an interpreter program written in a lower-level programming 
language. Operationally, an interpreter maintains a pointer to the current instruction 
within the algorithm’s instruction set, together with a representation of that algorithm’s 
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current storage state. Larger algorithms correspond to larger interpreted programs, but 
the interpreter itself remains fixed, either as a machine or as a program. 

The first fully automatic computer was von Neumann’s “stored program” machine. It 
consisted of a piece of hardware, the central processing unit (CPU), specifically designed 
to interpret the program stored in its memory; and this memory was physically decoupled 
from the CPU. Thus the software viewpoint was present from hardware’s first days and 
characterizes most of today’s computers. Nonetheless the distinction is becoming yet less 
clear because today’s “chip” technology allows relatively easy construction of special- 
purpose digital hardware for rather complex problems, something which was impractical 
only a few years ago. Further, even though Turing’s machine is described in hardware 
terms, it was Alan Turing himself who proved the existence of a “universal machine”: a 
single Turing machine capable of simulating any arbitrary Turing machine, when given 
its input data and an encoding of its instruction set. 

This book mostly takes the viewpoint of algorithm as software, though the “random 
access machine” model will come closer to hardware. 


1.3 What is a problem? 

By a problem we have in mind some uniform, in general unbounded, class of questions 
each of which can be given a definite, finite answer. Thus we consider two concrete 
instances of the abstract notion of solving a problem: computing a function and deciding 
membership in a set. 

1.3.1 Effectively computable functions 

In this book, a total function is written / : A— » B. A partial function is written g : 

B±. For a G A, if g(a) is defined or convergent we write g(a)[, and if g(a) is undefined or 
divergent we write g(a) | or g(a) = _L. Relation ~ denotes equivalence of partial values, 
see Subsection A.3.5. Thus /(a) ~ g(a) holds if either both of /(a) and g(a) are defined 
and equal, or if both are undefined. Total and partial functions are explained in greater 
detail in Subsections A.3.1-A.3.4 in Appendix A. 

Definition 1.3.1° Let D,E be sets. A partial mathematical function / : D — > E±_ is 
effectively computable if there is an effective procedure such that for any x G D: 

1. The procedure eventually halts, yielding f(x) G E, if f{x) is defined; 

2. The procedure never halts if f(x) is undefined. □ 
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The function / : IN x IN —> IN where f(x,y) = x-\-y is effectively computable by the 
effective procedure, known from elementary school, for digit-by-digit addition, assuming 
x,?/, and x-\-y are expressed in decimal notation. As another example, the function 
gcd : IN x IN IN which maps two natural numbers into their greatest common divisor 
can be computed by Euclid’s algorithm. 

The effective procedure for computing / must give the correct answer to each question 
which is within its set of applicability D. In particular, if / is total, the effective procedure 
must halt for all arguments in D. Its behavior when applied to questions outside this set 
is not of interest; it may fail to terminate, or may terminate in a nonstandard way. For 
instance, Euclid’s algorithm can fail to terminate when applied to negative numbers. 

1.3.2 On data representation 

It might seem that the definition of an effectively computable function depends on the 
notation used to represent the arguments. For instance, the addition procedure above 
uses the decimal representation of natural numbers. 

However, this makes no difference as long as there is an effective procedure that 
translates from one notation to another and back. Suppose we have an effective procedure 
p which will compute / if the argument is expressed in notation B. The following effective 
procedure will then compute / in notation A: 

1. Given x in notation A , translate it into notation H, yielding y. 

2. Apply procedure p to ?/, giving z = f(y), in notation B. 

3. Translate z back into notation A , giving the result. 

In the remainder of this chapter we shall be informal about data representations. 

1.3.3 Algorithms versus functions 

We stress the important distinction between an algorithm and the mathematical function 
it computes. A mathematical function is a set. For instance, the unary number-theoretic 
function which returns its argument doubled is: 

{(1,2),(2,4),(3,6),...} 

For convenience one always writes this function thus: f(n) = 2n. So, a function asso¬ 
ciates a result with each input, but does not say anything about how the result can be 
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computed 1 . 

On the other hand, an algorithm is a text, giving instructions on how to proceed 
from inputs to result. We can write algorithms which, when fed a representation of a 
number as input, will compute the representation of another number as output, and the 
connection between input and output can be described by a mathematical function. For 
instance, an algorithm p may, from the representation of n , compute the representation 
of 2 n. In this case we say that p computes the function f(n) = 2 n, and we write [[pj = /. 
We pronounce [pj “the meaning of p.” 

Given a formalization of effective procedure, that is, given a programming language 
L, we may ask: what mathematical functions can be computed by algorithms in the lan¬ 
guage? We say that the programming language defines the class of all such mathematical 
functions: 


{[[p]] | p is an L-program } 


The relationship between algorithms and functions is a bit subtle. Consider, for instance, 
the function / : IN —► IN, defined by: 



0 if Goldbach’s conjecture is true 
1 otherwise 


(Goldbach’s conjecture states that every even number greater than 2 is the sum of two 
prime numbers. Whether the conjecture is true, is not known [155]). There is an algo¬ 
rithm computing /; either it is the algorithm which always return the representation of 
0, or it is the algorithm which always returns the representation of 1 — but we do not 
know which of the two yet it is. 

Thus there are functions for which it is has been proved that an algorithm exists, and 
yet no concrete algorithm computing the function is known 2 . There are also examples of 
functions where it is not yet known whether corresponding algorithms exist at all, and 
there are functions for which it is known that there definitely do not exist any algorithms 
that compute them. We shall soon see an example of the last kind of function. 

1 If the reader is not comfortable with the notion of a function simply being a certain set, Subsec¬ 
tion A.3.1 may be consulted. 

2 This can only happen if the proof is by classical logic; in intuitionistic logic proofs of existence are 
always constructive. 
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1.3.4 Effectively decidable and enumerable sets 

How can we apply the idea of an effective procedure to the problem of definition of 
sets? For example the set of prime numbers seems intuitively effective, in that given an 
arbitrary number we can decide whether or not it is a prime. 

Definition 1.3.2 ° Given a set _D, and a subset S C D. S is effectively decidable iff there 
is an effective procedure which, when given an object xgD, will eventually answer “yes” 
if x E S', and will eventually answer “no” if x ^ S. □ 

Note that the procedure eventually halts for any input x. 

The problem of deciding some set S can sometimes equally naturally be phrased as 
the problem of computing a certain function, and vice versa, as we shall see later on. An 
alternative notion is to call a set effective if its elements can be listed in an effective way. 

Definition 1.3.3° Given a set D, and a subset S C D. S is effectively enumerable iff 
there is an effective procedure which, when given an object x E D, will eventually answer 
“yes" if x E S', and will answer “no” or never terminate if x £ S. □ 

The collection of all subsets of any infinite set (for example IN) is not countable (Exercise 
1.3). This can be proven by diagonalization as introduced in the next section. 

On the other hand, the collections of all effectively decidable (or effectively enumer¬ 
able) subsets of IN are each countable, since for each nonempty set there exists a program 
computing a function that decides it (enumerates it), and there is only one empty set. 

We will see that there exist effectively enumerable sets which are not effectively de¬ 
cidable. This, too, can be proven by diagonalization; a formal version will be seen later, 
as Corollary 5.6.2. 

1.4 A taste of computability theory 

In this section we review some of the basic results and techniques of computability in an 
informal manner. 

1.4.1 Countable sets and enumeration functions 

A set S is countable if S is empty or there is a sequence so,si,... containing all and only 
all the elements of S', i.e., for all s E S there is an i such that s = s*. This sequence is 
called an enumeration of S. 
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The sequence so,si,... is actually a function 3 / : IN —> S defined by f(i) = Thus 
a set is countable if and only if it is empty, or there is a surjective 4 total function from 
IN to S. Such a function is said to enumerate S. 

Note that the sequence above is allowed to have repetitions. This amounts to saying 
that / is allowed to be non-injective. Examples include: 

1. The set IN is countable; an obvious sequence mentioning all elements is 0,1,2,_ 

In other words, the required surjective function is the function / : IN —» TV, f(i) = i. 

2. The set of all integers is countable; a sequence is: 0,1,—1,2,—2,3,.... 

3. IN x IN is countable; a sequence is: (0,0), (0,1), (1,0), (0,2), (1,1), (2,0), (0,3), 
(1,2), (2,1), (3,0),.... 

The preceding terminology in particular applies to sets of functions, partial or total. Let 
A and B be sets and let S be a non-empty set of partial functions from A into B , i.e., 
S C A— » B±. Then S is countable iff there is a sequence /o,/i,... so that g G S if and 
only if g — fi for some i. 

1.4.2 The diagonal method and uncountable sets 

Proposition 1.4.1 The set of all total functions / : TV —> TV is uncountable. □ 

Proof. We use Cantor’s well-known diagonal argument. Suppose the set of all functions 
/ : TV —» TV were countable. Then there would be an enumeration /o, /i, / 2 , • • • such that 
for any total function / : TV —> TV, there is an i such that fi = /, i.e., fi(x) = f(x) for all 
x G TV. 

Consider the function g defined by: 

g{x) = fx 0*0 + 1 

This is certainly a total function from TV to TV. Therefore g must be fi for some i. But 
this is impossible, as it implies, in particular, that 

fi(i)=g(i ) = fi(i) + 1 (Id) 

and so 0 = 1 which is impossible. 5 □ 

3 More details appear in Subsection A.3.2. 

4 Surjective and injective functions are explained in Subsection A.3.9. 

5 Remark the similarity between this argument and Russell’s Paradox: The class IA = {A \ 
A is a set and A A} is not a set. The reasoning is that if IA were a set, we would have IA G IA iff 
U^IA. 
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The proof technique above, called diagonalization , has many applications in computabil¬ 
ity and complexity theory. To understand the name of the technique, imagine the values 
of countably many functions /o, A,/ 2 > • • • listed in an “infinite table” for the arguments 
0 , 1 , 2 ,...: 


n 

0 

1 

2 


fo(n) 

/o(0) 

/o(l) 

/o(2) 


h (n) 

/i(0) 

A(l) 

A(2) 


/2W 

hi 0) 
hi i) 

hi 2) 


For instance, the first column defines /q. Given a countable set of total functions from IN 
to TV, the diagonal method constructs a new function which differs from the ffh function 
on the argument i in the diagonal. Thus from any enumeration of total functions from 
TV to TV, at least one total function from TV to TV must be absent. 

Note that diagonalization does not directly imply the uncountability of the set of 
partial functions from TV to TV, since the analog of (1.1) for partial functions is not a 
contradiction in case fi(i) is undefined. 

Corollary 1.4.2 The following sets are also uncountable: 

1. All partial functions / : TV —► TV ±. 

2. All total functions / : TV —» {0,1}. 

3. All total functions / : A —>• B where A is infinite and B has at least two elements. 

□ 

Proof. See the Exercises. □ 

1.4.3 Existence of effectively uncomputable functions 

Proposition 1.4.3° The set of all effectively computable partial functions from TV to 
TV is countable. □ 

Proof. By the Church-Turing Thesis each effectively computable function is computed 
by some Turing machine. A Turing machine can be represented as a finite string of 
symbols over an alphabet consisting of English letters and mathematical and punctuation 
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symbols. The set of all finite strings over any finite alphabet is countable, so the set of 
all Turing machines is countable; hence the set of all effectively computable functions 
must be countable as well. □ 

Corollary 1.4.4° The set of all effectively computable total functions from TV to TV 
is countable. □ 

Proof. A subset of a countable set is countable. □ 

Corollary 1.4.5° 

1. There exists an effectively uncomputable total function from TV to TV. 

2. There exists an effectively uncomputable partial function from TV to TV. □ 

Proof. By Corollary 1.4.2 there are uncountably many total and partial functions, but 
by Proposition 1.4.3 and Corollary 1.4.4 only countably many of these are effectively 
computable. If A is a countable subset of an uncountable set T then T\S ^ 0. □ 

It follows from this that the set of computable functions is small indeed, and that there 
are uncountably many uncomputable functions. 

The next two subsections gives more examples. 

1.4.4 Unsolvability of the halting problem 

The argument in the preceding subsection shows the existence of uncomputable functions, 
but not in a constructive way, as no explicit well-defined but uncomputable function was 
exhibited. 

We now give a concrete example of an unsolvable problem: It is impossible effectively 
to decide, given an arbitrary program p and input d, whether or not the computation 
resulting from applying p to d halts. The following proof may be carried out in any 
reasonable programming language. Assumptions: 

1. Any program p has the form read Xi, . . . ,X n ; C; write Y. 

2. Any program p denotes a partial mathematical function [[p] : V n —> V± for some n, 
as sketched in subsection 1.3.3. 

3. The value domain V contains at least two distinct elements, which we call true 
and false. 
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4. There is an effective procedure that, given any program p and input value d from 
V, will execute pond and deliver the resulting output (the value of output variable 

Y.) 6 . 


Proposition 1.4.6° The total function 


halt( p,d) 


true 


if M( d )l 


program p terminates on d 


false if [[pj(d) = T program p does not terminate on d 


is not computed by any program. 



Proof. Suppose halt were computed by some program q, i.e., for any program p and input 
value d 


Iq]](p, d ) = 


true if [[pH( d)i 
false if [[pj(d) = T 


By assumption this has the form: q = read P,D; C; write Y. Now consider the follow¬ 
ing program r, built from q: 

read X; 

Apply program q to input (X,X); (* Does program X stop on input X? *) 
if Y then 

while Y do Y := Y; (* Loop if X stops on input X *) 

write Y (* Terminate if X does not stop on X *) 


Now let us see what happens if we give r as input to the program just built, i.e., apply 
r to itself: X = r. 

Clearly one or the other of the two assertions [[rj(r)| or Jr]](r) = _L must be true. 

If ]r]](r)|, then program q will yield Y = true on input (r,r). However Y = true im¬ 
plies that program r, when it reaches command while Y do Y := Y;, will not terminate 
on input r, a contradiction. 

Conclusion: Jr]] (r) = _L must be true. But this implies that program q will yield Y 
= false on input (r,r). Thus command while Y do Y := Y; exits without looping, so 
program r will terminate on input r, another contradiction. 

Thus every possibility leads to a contradiction. The only unjustified assumption above 
was the existence of a program q that computes halt , so this must be false. 7 □ 

6 A consequence is that all programs may be represented as elements of V. 

7 This argument is closely related to the paradoxes of mathematical logic. An informal but essentially 
similar example: “The barber shaves just those who do not shave themselves. Who shaves the barber?” 
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1.4.5 The Busy Beaver problem: an explicit uncomputable 

function 

The busy beaver function below, due to Rado [149] and related to the Richard paradox 
[152], is mathematically well-defined. It is just as concrete as the halting problem just 
seen, and is in a sense more elementary. Based on certain reasonable assumptions about 
the language used to express computation, we will show that there is no algorithm which 
computes it. 

Assumptions : Any program p denotes a partial mathematical function [[p]] : IN — » IN j_, 
as sketched in subsection 1.3.3. Any program p has a length |p| G IN: the number of 
symbols required to write p. For any n, there are only finitely many programs with 
length not exceeding n. 

We use programs in a small subset of Pascal [72, 174] with the following notation. 
Programs have the form read X; C; write Y, where X, Y are variables. Commands 
C can be either of V:=n, V:=W+1, V:=W-1, where V, W are variables and n is a number 
in decimal representation (similar constructions can be carried through with unary and 
other representations). Commands of the forms C;C and while X>0 do begin C end 
have the usual meanings. 

Observation : |p| > 19 for any program p = read X; C; write Y. 

Proposition 1.4.7 The total function 

BB(n) = max{ [[pH (0) | p is a program with |p| < n, and [[p]](0)f} 
is computed by no program. 8 □ 

Proof. Suppose for the sake of contradiction that some program q computes BB\ 

readX; C; writeY 

The proof uses a form of diagonalization. We present the idea in three small steps. 

Step 1. The idea in deriving a contradiction is to find a number K and a program r 
such that |r| < K and [[r]](0) = [q]](iY) + l. This implies 

[[qJ(iY) = BB(K) Since q computes BB. 

> M(0) Since |r| < K and [[r]](0)j 

= [[qJ(iY) + 1 By definition of r 

which is a contradiction. 

8 Where we define max 0 = 0. 
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Step 2. How to determine r and K? Well, since we are to compute [[q]](iY) + l, it 
seems sensible to use q in the construction of r. Since |r| must be less than K this forces 
K to be at least |q|. As a first try, let K = |q| and and r be the following program 
computing JqJ(iY) + l: 

read X; 

X: =c; 

C; 

Y:=Y+1; 
write Y 

where c is a numerical constant representing the number |q|. This program does not 
quite meet the requirements of Step 1, since q is part of it and so |r| > K = |q| . In other 
words, the size of program r is too large compared to the input to the command C. 

Step 3. As a second try, we increase the input to command C, i.e., the value of X, 
without increasing the size of program r by the same amount. Let K = 3|q| and let r 
be the program above slightly modified, where c is again the decimal representation of 
number |q|: 

read X; 

X:=3*c; 

C; 

Y:=Y+1; 
write Y 

Clearly program r consists of the symbols to write q (i.e., read X; C ; write Y), plus the 
symbols required to write the constant c, plus (count for yourself) 13 additional symbols. 

Since c is the decimal representation of the number |q|, it follows that |c| < |q|. 
Further, any program is at least 19 symbols long, so it follows that 

r| = 13+|c| + |q| By construction of r 

< |q| + |q| + |q| Since 19 < |q| and |c| < |q| 

= 3|q| = A 

Hence, with K = 3|q|, we have |r| < K and Jr]] (0) = [q](iY) + l, as required for the 
argument seen earlier. (The constant 3 can be replaced by any larger value.) □ 

1.4.6 Unsolvability of the halting problem 

It is not hard to write programs in the small subset of Pascal of the previous section 
which do not halt, e.g., 


read X; X:=1; while X > 0 do begin X:=X end; write X 
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The following is another proof that it is impossible effectively to decide the halting 
problem. 


Corollary 1.4.8° The total function 


halt(p,n) 


i if MO)I 

0 otherwise 


is computed by no effective procedure. 



Proof. Suppose, for the sake of contradiction, that such a procedure does exist. Then 
BB can also be computed by the following procedure: 


1. Read n. 

2. Set max = 0. 

3. Construct {pi,.. .p/c} = {p | p is a program and |p| < n}. 

4. For i = 1,2,..., fc do: if [[pj^n)]. and max < [[pi]](0), then reassign max := [[pi]] (0). 

5. Write max. 


Step 3 is effective since there are only finitely many programs of any given size, and step 
4 is effective by assumption. By the Church-Turing thesis one can turn this procedure 
into a program in our subset of Pascal. The conclusion that BB is computable by a 
program in this language is in contradiction with Proposition 1.4.7, so the (unjustified) 
assumption that q exists must be false. □ 


1.4.7 Consequences of unsolvability of the halting problem 

We have just argued informally that the halting problem is not decidable by any program 
of the same sort. This is analogous to the classical impossibility proofs, for example that 
the circle cannot be squared using tools consisting of an unmarked ruler and a compass. 
Such classical impossibility proofs, however, merely point out the need for stronger tools, 
for instance a marked ruler, to solve the named problems. 

Our “busy beaver” argument similarly asserts that one particular problem, the halting 
problem, cannot be solved be means of any of a class of tools: programs in our Pascal 
subset. But here a major difference arises because of the Church-Turing thesis. This 
gives the undecidability of the halting problem much more weight since it implies that the 
halting problem is not decidable by any intuitively effective computing device whatsoever. 
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1.5 The scope and goals of complexity theory 

Recall that computability theory is concerned with questions such as whether a prob¬ 
lem is solvable at all, assuming one is given unlimited amounts of space and time. In 
contrast, complexity theory is concerned with questions such as whether a problem can 
be solved within certain limited computing resources, typically space or time. Whereas 
computability theory is concerned with unsolvable problems and the boundary between 
solvable and unsolvable problems, complexity theory analyzes the set of solvable prob¬ 
lems. 

To address such questions, one must have a precise definition of space and time costs. 
Granted that, complexity theory asks questions such as: 

• Which problems can be solved within a certain limit of time or space, and which 
cannot? 

• Are there resource limits within which a known combinatorial problem definitely 
cannot be solved? 

• Are there problems which inherently need more resources than others? 

• What characteristics of problems cause the need for certain amounts of resources? 

• What is the class of problems solvable within certain resource limits, and what are 
the basic properties of this class? 

• Given a problem, what is the complexity of its best algorithm? 

• Do best algorithms always exist? 

• Does adding more resources allow one to solve more problems? 

1.5.1 Polynomial time 

Similarly to the situation in computability theory, one might fear that one single definition 
of resource accounting would not suffice, and in fact different models exist giving rise to 
different theories of complexity. Specifically, the class of problems solvable within certain 
sharp limits may vary from model to model. 

However, we will see that many computation models define precisely the same class 
PTlMEof problems decidable within time bounded by some polynomial function of the 
length of the input. Many researchers identify the class of computationally tractable 
problems with those that lie in ptime, thereby suggesting what could well be called Cook 7 s 
thesis , after Stephen C. Cook, a pathbreaking researcher in computational complexity: 
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1. All reasonable formalizations of the intuitive notion of tractable computability are 
equivalent (they can simulate each other within a polynomially bounded overhead 
in time); 

2. Polynomial-time Turing machine computability is a reasonable formalization of 
tractable computability. 

Note the close similarity with the Church-Turing thesis: “Turing machine computability" 
has been replaced by “polynomial time Turing machine computability,” and “effectively 
computable” by “tractable computability.” A stronger form of the first part is sometimes 
called the Invariance Thesis [15]. 

Cook’s thesis is a useful working assumption but should not be taken as being as 
solidly founded as the Church-Turing thesis, which concerns computability in a world of 
unlimited resources. Reasons for a certain skepticism about Cook’s thesis include the 
facts that an algorithm running in time |x| 100 , where |x| is the length of the input to 
the algorithm, can hardly be regarded as computationally tractable; and that there are 
algorithms (for instance as used in factorizing large integers) that run in a superpolyno¬ 
mial time bound such as | x | lo 8 log l x l ? but with constant factors that are small enough for 
practical use. 

1.5.2 Complexity hierarchies and complete problems 

Ideally, one would like to be able to make statements such as “the XXX problem can be 
solved in time 0(n 3 ) (as a function of its input size); and it cannot be solved in time 
0(n 3 ~ e ) for any e > 0.” Alas, such definitive statements can only rarely be proven. There 
are a few problems whose exact complexity can be identified, but very few. 

Because of this, a major goal of complexity theory is classification of problems by 
difficulty. This naturally leads to a division of all problems into hierarchies of problem 
classes. Standard classes of problems include: LOGSPACE, NLOGSPACE, ptime, np- 
TIME, PSPACE. Each class is characterized by certain computational resource bounds. For 
example, problems in LOGSPACE can be solved with very little storage; those in ptime 
can be solved with unlimited storage, but only by algorithms running in polynomial time; 
and those in nptime can be solved by polynomial time algorithms with an extra feature: 
they are allowed to “guess” from time to time during their computations. 

Various combinations of these resources lead to a widely encompassing “backbone” 
hierarchy: 

LOGSPACE c NLOGSPACE C PTIME C NPTIME C PSPACE = NPSPACE C REC C RE 
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Surprisingly, it is not known whether any one of the inclusions above is proper: for 
example, the question PTIME = nptime?, often expressed as P = NP?, has been open 
for decades. 

Nonetheless, this hierarchy has proven itself useful for classifying problems. A great 
many problems have been precisely localised in this hierarchy. A typical example is SAT, 
the problem of deciding whether a Boolean expression can be made true by assigning 
truth values to the variables appearing in it. This problem is complete for nptime, 
meaning the following. First, SAT is in nptime: There is a nondeterministic algorithm 
that solves it and runs in polynomial time. Second, it is “hardest" among all problems in 
nptime: If it were the case that SAT could be solved by a PTIME algorithm, then every 
problem in nptime would have a deterministic polynomial time solution, and PTIME = 
nptime would be true. This means that two stages of the hierarchy would “collapse.” 

The last four chapters of this book concern complete problems for the various com¬ 
plexity classes. 

1.6 Historical background 

At the Paris Conference in 1900 D. Hilbert gave a lecture which was to have profound 
consequences for the development of Mathematics, particularly Mathematical Logic, and 
the not yet existing field of Computer Science. Hilbert’s ambitions were high and his 
belief in the power of mathematical methods was strong, as indicated by the following 
quote from his lecture: 

Occasionally it happens that we seek the solution under insufficient hypotheses or 
in an incorrect sense, and for this reason do not succeed. The problem then arises: 
to show the impossibility of the solution under the given hypotheses, or in the 
sense contemplated. Such proofs of impossibility were effected by the ancients, for 
instance when they showed the ratio of the hypotenuse to the side of an isosceles 
triangle is irrational. In later mathematics, the question as to the impossibility of 
certain solutions plays a preeminent part, and we perceive in this way that old and 
difficult problems, such as the proof of the axiom of parallels, the squaring of the 
circle, or the solution of equations of the fifth degree by radicals have finally found 
fully satisfactory and rigorous solutions, although in another sense than originally 
intended. It is probably this important fact along with other philosophical reasons 
that gives rise to the conviction (which every mathematician shares, but which 
no one has as yet supported by a proof) that every definite mathematical problem 
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must necessarily be susceptible to an exact settlement, either in the form of an exact 
answer, or by proof of the impossibility of its solution and therewith the necessary 
failure of all attempts 9 . 

At the conference Hilbert presented 23 unsolved mathematical problems. One of these, 
the Entscheidungsproblem (decision problem), was described as follows: 10 

The Entscheidungsproblem is solved if one knows a procedure which will permit 
one to decide, using a finite number of operations, on the validity, respectively the 
satisfiability of a given logical expression. 

This problem was part of Hilbert’s program which included an endeavour to formalize 
number theory in a first-order deductive system. It was hoped that the provable theorems 
of the system would be precisely the true number-theoretic propositions, and that one 
could devise a procedure to decide whether or not a given proposition were a theorem of 
the system. 

A negative answer to the Entscheidungsproblem, i.e., a proof that no such procedure 
exists, must necessarily be grounded in a precise definition of the notion of procedure. 
However, Hilbert and his school believed that such a universal decision procedure existed, 
and so had no reason to formalize the notion of a procedure in general terms. 

In 1931 Godel showed his celebrated Incompleteness Theorem [54] stating, roughly, 
that for any consistent, sufficiently strong formalization of number theory, there are 
true propositions which cannot be proved in that formalization. To the experts this 
result made it seem highly unlikely that the Entscheidungsproblem could have a positive 
solution. 

In 1936 it was shown independently by Church [22, 23] and Turing [170] that the 
Entscheidungsproblem does not have a positive solution. Further, and just as im¬ 
portant in the long run, each author gave a formalization of the notion of procedure 
(via A-expressions and Turing machines, respectively), and derived the unsolvability of 
the Entscheidungsproblem from unsolvability of the Halting problem, which they both 
showed for their respective formalisms. Similar work on other formalizations, also in 
1936, was done by Kleene [98] and Post [141]. Gandy [51] describes this astonishing 
“confluence of ideas in 1936.” 

It is a remarkable fact that the different formalisms all define the same class of number- 
theoretic functions, the so-called partial recursive functions , and equivalences between 

9 Our italics; not present in the original. 

1() In a formulation from 1928; the English translation from German is adopted from [51]. 
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various formalisms were soon proved by Kleene, Turing, and others. In fact, one can 
write compilers that turn a program in one formalism into a program in one of the 
other formalisms that computes the same function, supporting what we have previously 
called the Church-Turing thesis. It should be noted that this correspondence between the 
algorithms in the various formalisms is a stronger result than the fact that the various 
formalisms define the same class of functions. 

The initial work in complexity theory in the late 1920’s and early 1930’s was concerned 
with subclasses of the effectively computable functions, e.g., the primitive recursive func¬ 
tions studied by Hilbert [69], Ackermann [1], and others. Subclasses of primitive recursive 
functions were studied by Kalmar [92] and Grzegorczyk [58]. More programing language 
oriented versions of these classes were later introduced by Meyer and Ritchie [125]. 

With the appearance of actual physical computers in the 1950’s, an increasing interest 
emerged in the resource requirements for algorithms solving various problems, and the 
field of complexity as it is known today, began around 1960. One of the first to consider 
the question as to how difficult it is to compute some function was Rabin [145, 146]. 
Later, Blum [14] introduced a general theory of complexity independent of any specific 
model of computation. 

The first systematic investigation of time and space hierachies is due to Hartmanis, 
Lewis, and Stearns [65, 64, 109] in the 1960’s, who coined the term “computational 
complexity” for what we call complexity theory in this book. 

Important results concerning the classes of problems solvable in polynomial time and 
non-deterministic polynomial time were established by Cook [26] and Karp [95] who were 
among the first to realize the importance of these concepts. 

Exercises 

1.1 Consider the set of all Turing machine programs. Does Turing argue that the tape 
symbol alphabets of different programs should be uniformly bounded in size, or may 
different machines each have their own alphabets, without any uniform size bound? □ 

1.2 Again, consider the set of all Turing machine programs, and assume that the tape 
symbol alphabets of different programs are uniformly bounded in size. 

Could one reasonably argue that the set of “states of mind” should be uniformly 
bounded as well? Hint: What would be the effect of bounding both of these on the 
number of problems solvable by Turing machines? □ 
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1.3 Prove that V(IN ), the set of all subsets of 27V, is uncountable, using the diagonal 

method. Hint: if all of V(IN) could be listed S' 1 , 6 ' 2 ,..., then one can find a new subset 
of IN not in this list. □ 

1.4 Prove that the set of all total functions IN —> {0,1} is not countable. □ 

1.5 Let A and B be sets and let S be a non-empty set of partial functions from A into 
22, i.e., S C A —> B±. Show that the following conditions are equivalent. 

1. S' is countable. 

2 . There is a sequence /o, / 1 , • • • so that g G S if and only if g — fi for some i. 

3. There is a surjective function u : 27V —» S. 

4. There is a function u : 27V —> (A —> B±) such that g G S if and only A g — u(i) for 
some i. 

5. There is a partial function u : (27V xi)^ B± such that g G S if and only if there 
is an i G 27V such that g(a) ~ u(i,a) for all a in A. 

The reader should note that the /’s, g s , etc. above are functions , and that these are not 
necessarily computed by any algorithms. □ 

1.6 Consider a language like the subset of Pascal in Subsection 1.4.5, but with the 
following modification. Instead of commands of form 

whileX > OdobeginCend 

there are only commands of form 

forX := ItondobeginCend 

where n is a numerical constant, with the usual meaning. (It terminates immediately if 
n < 1.) Variable X may not be re-assigned within command C. 

Use a construction similar to the one in Subsection 1.4.5 to show that there is a 
function which is not computable in this language. Is the function effectively computable 
at all? □ 

1.7 * Change the language of the previous exercise by expanding the iteration state¬ 
ment’s syntax to 

forX := EltoE2dobeginCend 

where El and E2 are numerical expressions. (X may still not be assigned within command 
C.) Consider two alternative ways to interpret this statement (using a “goto” syntax): 
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Semantics 1 : equivalent to the following, where Tem is a new variable. 

X := El; Tem := E2; 

1: if X > Tem then goto 2 
C 

X := X + 1 
goto 1 

2 : 

Semantics 2: equivalent to the following. 

X := El; 

1: if X > E2 then goto 2 
C 

X := X + 1 
goto 1 

2 : 

Show that every program terminates under semantics 1, but that some may loop under 
semantics 2. □ 
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The notions of the introductory chapter, e.g., “effectively computable,” were imprecise, 
because they relied on an intuitive understanding of the notion “effective procedure.” We 
now present a model of computation, or programming language, called WHILE, which 
is used throughout the book. In subsequent chapters we define the intuitive notions 
of the preceding chapter precisely, by identifying “effective procedure” with “WHILE 
program.” 

It may seem that we avoid the vagueness of intuitive argumentation by going to the 
opposite extreme of choosing one model of computation which is too simple to model 
realistic computing. Later chapters will argue that this is not the case, by proving the 
equivalence of WHILE with a variety of other computation models. 

The WHILE language has just the right mix of expressive power and simplicity. 
Expressive power is important because we will be presenting many algorithms, some 
rather complex, that deal with programs as data objects. The data structures of WHILE 
are particularly well suited to this, and are far more convenient than the natural numbers 
used in most theory of computation texts. Simplicity is essential since we will be proving 
many theorems about programs and their behaviour. This rules out the use of larger, 
more powerful languages, since proofs about them would necessarily be too complex to 
be easily understood. 

Section 2.1 describes the WHILE syntax and informally describes the semantics of 
programs. Section 2.2 precisely describes the semantics. Section 2.3 shows that equality 
tests may without loss of generality be restricted to atomic values, each taking constant 
time. This will be relevant later, when discussing time-bounded computations. 


2.1 Syntax of WHILE data and programs 

The syntax of WHILE data structures and programs is described in Subsections 2.1.1- 
2.1.2. Subsection 2.1.3 informally explains the semantics of WHILE-programs by means 
of an elaborate example. Subsection 2.1.4 concerns conditionals and truth values in 
WHILE, and Subsections 2.1.5-2.1.6 show how to compute with numbers and lists in 
WHILE. Finally, Subsection 2.1.7 describes a useful macro notation. 
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2.1.1 Binary trees as data values 

Recall the idealized subset of Pascal that we used in Subsection 1.4.5 in which one can 
compute with numbers. 1 It has commands to assign an arbitrary number to a variable, 
and to increment and decrement a variable by one. 

The language WHILE is very similar but with one very important difference: instead 
of computing with numbers , the language computes with certain trees built from a finite 
set. For instance, a and (a.c) as well as (a. (b.c)) are trees built from the set {a,b,c}. 
The objects a,b,c are called atoms (definition) because, unlike for instance (a.c), they 
cannot be divided further into subparts. The reason we call these objects “trees” is 
that they can be represented in a graphical form as trees with atoms as leaf labels, see 
Figure 2.1. 



Figure 2.1: Two trees in linear and graphical notatation. 


On the number of atoms. In Turing’s analysis of computation, all computing is 
based on manipulation of symbols from an alphabet. Further, he argued against the use 
of an infinitely large symbol alphabet, as this would lead to symbols that differed by an 
arbitrarily small extent. A conclusion is that we should not allow an unbounded number 
of atoms in WHILE programs. 

In fact, it suffices to have only one atom , that we will henceforth call nil. The reason 
is that any computation using, say, the three atoms a, b, c could just as well be done 

^he reason we call it “idealized” is that it has representations of all natural numbers 0,1,2,..., and 
not just, say, 0 to 65535. 
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using three distinct binary trees in their places, e.g., (nil.nil) for a, (nil. (nil.nil)) 
for b, and ((nil.nil) .nil) for c. 

In informal examples we will often, for the sake of human readability, use more atoms 
than nil, as in Figure 2.1, but in formal definitions we only use the one atom nil. 
Formally we define the set of trees ID as follows. 

Definition 2.1.1 The set D of trees is defined by: 

1. The atom nil is an element of ID; 

2. Whenever d x and d 2 are elements of ID, then so is (d!.d 2 ); and 

3. D is the smallest set satisfying the previous two points. 



Definition 2.1.2 The function 


: D —> TV defined by: 




1 if d G A 

|di| + |d 2 | if d=(d 1 .d 2 ) 


denotes the size of a data value d G B. 



In Figure 2.1, the leftmost value has size 5, and the rightmost value has size 6 . 


2.1.2 Syntax of WHILE programs 

The operation in WHILE, analogous to the increment operation on numbers in the 
idealized subset of Pascal in Subsection 1.4.5, is the operation that combines two trees 
di and d 2 into one (di.d 2 ). This operation is called cons (short for “construct".) The 
operations in WHILE, analogous to the decrement operation on numbers, are the two 
operations that decompose a tree (di .d 2 ) into the subtrees di and d 2 . These are called 
head, and tail , respectively. There is also an operation to test equality of elements of ID. 

Definition 2.1.3 Let Vars = {Vo,Vi,. ..} be distinct variables. We use the conventions 
d, e, f, ... G D and X, Y, Z, .. . G Vars. Then the syntax of WHILE is given by the 
following grammar: 
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Expressions 3 E, F ::= X (for X G Vars) 

d (for atom d) 

cons E F 
hd E 
tl E 
=? E F 

Commands 3 C, D ::= X := E 

C; D 

while E do C 

Programs 3 P ::= read X; C; write Y 

Here X and Y are the not necessarily distinct input and output variables. □ 


We use indentation to indicate the scope of while and other commands. For instance, 
consider the two commands: 

while E do while E do 

C; C; 

D D 

The leftmost command repeatedly executes C as long as E is true and executes D once 
when E has become false (what it means that an expression is true or false will be clear 
later on). The rightmost command repeatedly executes first C and then D, as long as E 
is true. 

We also use braces to indicate scope, so the two above commands might have been 
written {while E do C }; D and while E do {C;D}. Similarly we use parentheses to 
explicate scope in expressions, such as cons (hd (tl X)) Y. 

Note that a program always expects exactly one input. A program of, say, two inputs 
can be expressed as a function which expects one input of form (d.e): 2 


read X 

• 

> 


c* 

X 

is 

(d.e) 

*) 

Y : = 

hd 

X; 

c* 

Y 

is 

d 

*) 

Z : = 

tl 

X; 

c* 

Z 

is 

e 

*) 


C; 

write Y 


2 Comments are written in the form (* 


• • • 


*), as in Pascal. 
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2.1.3 Informal semantics 

We now explain the semantics of a simple program to reverse a list, which illustrates 
most aspects of WHILE. 

Example 2.1.4 Consider the following program, reverse: 

read X; 

Y := nil; 
while X do 

Y := cons (hd X) Y; 

X := tl X; 
write Y 

The program consists of a read, command, a body , and a write command. The idea is 
that some input d G ID is assigned to the variable X, and then the body is executed. At 
any point during execution every variable is bound to an element of ID; the collection of 
all such bindings at one point is a store. Initially X is bound to the input d G ID, and all 
other variables in the program are bound to nil. If execution of the body terminates, 
the value e G ID last bound to Y is the output. 

For reverse, if X is initially bound to input 

(do . (di. (• • •. (d n _i. (d n .nil) )•••))) 
then Y is bound to 

(d n . (d n _!. (— . (dx . (d Q . nil) )•••))) 

when execution reaches the final write command, and this later element of ID is then the 
output. 

To bind a variable, say Y, to some f G ID one uses the assignment Y: =f. So the second 
line assigns nil to Y . 3 

More generally every expression E evaluates to some e G ID, and Z := E assigns this 
e to Z. Specifically, E evaluates to e. As another example cons E F evaluates to (e.f) 
if E evaluates to e and F evaluates to f . Further, hd E and tl E evaluate to e and f, 
respectively, if E evaluates to (e.f). Finally, a variable Z evaluates to the value it is 
currently bound to. 

3 Since all variables are initially bound to nil this command is superfluous. However it often happens 
that one assigns some f G ID to a variable without ever making use of the initial value nil. Therefore, if 
one does want to make use of the initial value nil, it is good programming practice to enter an explicit 
assignment Y := nil in the program. 




34 The WHILE Language 


The expression =? E F evaluates to true, if E and F evaluate to the same value, and to 
false otherwise. Thus =? (nil.nil) (nil.nil) evaluates to true, and =? (nil.nil) 
nil evaluates to false. 

Turning to our program, the next thing that happens is that the while command 
beginning in the third line is executed. The meaning of the command while E do C is 
as follows. If E evaluates to nil proceed to the command following while E do C. In the 
example this is the command write Y. However, if E evaluates to something other than 
nil execute C, and test again whether E evaluates to nil. The outcome of this test may 
be different from the first since the variables occurring in E may have been assigned new 
values by the command C. If E evaluates to nil, go to the next command, and otherwise 
execute C and test E again, etc. 

So in the example program, the commands Y := cons (hd X) Y; X := tl X are 
executed in sequence as long as X is not bound to nil. Before the first of these two 
commands X is bound to (e.d) (otherwise execution would have proceeded to the write 
command) and Y is bound to some f. After the first command Y is bound to (e.f), and 
after the second command X is bound to d. 

If we think of the value (do-(di .(•••. (d n _i. (d n .nil) ) •••))) as a list do, di,..., 
d n _i, d n , then the program reverses lists; more about lists in Subsection 2.1.5. □ 

2.1.4 Truth values and if-then-else 

As is apparent from the preceding example, whenever evaluating expressions in tests one 
should think of nil as “false” and any other element of D as “true.” This intuition is so 
predominant that we explicate it in a definition: 

Definition 2.1.5 We use the following abbreviations: 

false = nil 
true = (nil.nil) 

Conditional commands and boolean expressions. We now see that conditional 
commands can be expressed by while-commands alone. 

Example 2.1.6 The following compound command executes C if and only if E evaluates 
to true. Variable Z must be chosen different from existing variables. 

Z := E; (* if E then C *) 

while Z do { Z := false; C }; 
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The next statement will execute Cl if E evaluates to true and otherwise C2. 

Z := E; (* if E then Cl else C2 *) 

W := true; 

while Z do { Z := false; W := false; Cl }; 
while W do { W := false; C2 }; 


□ 

The same idea may be applied to expressions, rather than just commands, thus expressing 
conjunction E and F, disjunction E or F, or negation not E, etc.. 


2.1.5 Lists 

As one can see from the example in subsection 2.1.3, elements of ID sometimes have 
deeply nested parentheses that are hard to read; one has to resort to counting to parse 
an element like ((a. (b.nil)) . ((d. (e.nil)) .nil)). 

Often the nesting has a certain regular structure, because we often express a list of 
elements d 0 , d lv .., d n _ 1? d n as the tree (d 0 . (di .(•••. (d n _i . (d n .nil)) •••))). For 
instance (a. (b.nil)) represents the list consisting of elements a, b. Therefore it would 
be particularly convenient to have a short notation for this form. Hence the idea is to 
use the notation (do • • - d n ) for the tree (do . (di. (• • •. (d n _i. (d n .nil)) •••))). Then the 
tree (a. (b.nil)) can be written (a b) in short notation and, as another example, the 
tree ( (a. (b.nil)) . ((d. (e .nil) ) .nil) can be written ((a b) (d e)). 

This is introduced in the following definition. 


Definition 2.1.7 The list representation d of d G ID is the string of symbols from al¬ 
phabet {nil, (,.,)} defined recursively as follows: 



d if d is an atom 

(di • • • d ) if d = (di. (d 2 . (• • • (d n .nil) •••))) 


We call (di • • -d n ) a list of length /(d) = n; nil is the empty list of length 0. In general, 
a length may be computed for any element of D by induction: 


/(nil) =0 ^ 

Z((d]_.d2)) = 1 + Z(d2) 


Notice that every element of D has exactly one list representation. Henceforth we will 
omit the underlines and write all values in the list form. Figure 2.2 gives some examples 
of elements in ID and their list representations. 
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Value d in D 
nil 


Representation 

nil 


(a.(b.nil)) 

(a.((b.(c.nil)).(d.nil))) 

((a.(((b.nil).nil).nil)).nil) 


(a b) 

(a (b c) d) 
((a ((b)))) 


d 

T 

3 

6 

6 



Figure 2.2: Some trees and their list representation 


The first example in the preceding subsection can now be expressed as saying that the 
program reverses lists: if X was initially bound to input (do***d n ) then Y is bound to 
(d n ---do) when execution reaches the final write command. 


2.1.6 Numbers 

WHILE has only one atom, so how can we compute with numbers? One idea is to 
represent the number n by a list of length n. 

Definition 2.1.8 Define n = nil n , where 

nil 0 = nil = () 

nil n+1 = (nil.nil n ) = ( nil nil ) 

n+i times 

and let J\f = {n \ n G IN}. The elements of A f are called numerals. □ 

As a matter of convenience, we will omit underlines and simply write 0,1,2, ... instead 
of 0,1,2,... or nil 0 , nil 1 , nil 2 ,---. With the representation in this definition, while E 
do C means: as long as E does not evaluate to 0, execute C. As two very simple examples, 
the successor and predecessor functions are computed by: 

read X; (* succ *) read X; (* pred *) 

Y := cons nil X; Y:=tl X; 

write Y write Y 

Here is a program for adding two numbers (note that XY is a single variable, whose value 
is a pair): 
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read XY; (* add X Y *) 

X := hd XY; 

Y := tl XY; 
while X do 

Y := cons nil Y; 

X := tl X; 
write Y 

More programs computing with numbers are examined in the Exercises. 


2.1.7 Syntactic sugar: some useful macro notations 

We introduce some programming shorthand devices to increase human readability of 
program texts. The first is nearly trivial: let skip be a command with no effect, say 

X: =X. 


Two notations for building lists. The expression list Ei • • • E n will be used as 
shorthand for cons Ei (cons E 2 ••• (cons E n _i (cons E n nil)) ••• ) for any nE 
IN. Its value is (d} d 2 --- d n _i d n ) if the value of each list E^ is d*. 

The expression cons* Ei*** E n will be used as shorthand for cons Ei (cons 
E 2 • • • (cons E n _i E n ) • • ■) for any n E IN. (This differs slightly in that nil is not added 
at the end, which makes it more useful than list for extending an already-existing list.) 
Its value is (di d 2 • • • d n _i ei e 2 • • • e m ) if the value of each list E* is d* for 1 < i < n 
and the value of list E n is (ei e 2 • • • e m ) 

Inline procedure expansion. Note in the example for adding two numbers that the 
program incremented and decremented X and Y, respectively, explicitly by means of cons 
and tl expressions. A more abstract formulation of add, hiding the specific way numbers 
are implemented, is: 

read XY; (* add X Y *) 

X := hd XY; 

Y := tl XY; 
while X do 
Y := succ Y; 

X := pred X; 
write Y 

where we allow the add program to use the succ and pred programs. Strictly speaking 
we have not yet explained how this can be allowed. That is done in this subsection. 
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Given a program p we will allow a program q to use the command B := p A. The 
meaning is as follows. Suppose that the input and output variable in p are X and Y, 
respectively. Now make a copy pp of the body of p where X and Y are replaced by A and 
B, respectively, and where all variables are renamed so that no variable of pp other than 
A and B occurs in q. Then replace in q the command B := p A by the body of pp. 

Example 2.1.9 Consider the following program, append, which for input (d.e) with d 
= (di-- - d n ) and e = (ei-- - e m ) computes (di-- - d n ei*** e m ). 


read 

X; 


(* 

X 

is 

(d.e) *) 

A 

:= hd 

X; 

(* 

A 

is 

d 

*) 

Y 

:= tl 

X; 

(* 

Y 

is 

e 

*) 

B 

:= reverse A; 

(* 

B 

is 

d 

reversed *) 


while B do 

Y := cons (hd B) Y; 

B := tl B; 

write Y (* Y is list d with e appended *) 

Written out explicitly the program is: 


read 

X; 


(* 

X 

is 

(d 

..e) *) 

A 

:= hd 

X; 

(* 

A 

is 

d 

*) 

Y 

:= tl 

X; 

(* 

Y 

is 

e 

*) 

B 

:= nil; 

(* 

B 

becomes d reversed *) 


while A do 

B := cons (hd A) B; 

A := tl A; 
while B do 

Y := cons (hd B) Y; 

B := tl B; 

write Y (* Y is list d with e appended *) 

□ 

We will also allow names to stand for sequences of commands. Thus from now on, 
programs may make free use of conditionals. 


2.2 Semantics of WHILE programs 

Recall from the introductory chapter the important distinction between algorithms and 
the mathematical functions they compute. In this section we show how any program 
in WHILE can be used to define a partial function from D to ID. The interpretation is 
nothing more than a precise statement of the informal semantics mentioned in Subsec¬ 
tion 2.1.3. 
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Subsection 2.2.1 formalizes the notion of a store that was mentioned in Example 2.1.4. 
Subsections 2.2.2-2.2.3 then formalize the notions of evaluation of an expression and 
execution of a command, also mentioned in Example 2.1.4. Finally, Subsection 2.2.4 
puts together the pieces. 


2.2.1 Stores 

The notation [x\ > di,...,x n ■> d n \ denotes the finite function / such that f(xi) = di. 
The notation f[x » d] denotes the function g such that g{x) = d, and g(y) = f(y) for 
y x. See Subsection A.3.6 in the Appendix for more information. 


Definition 2.2.1 Given a program p=re ad X; C; write Y. 


1. Vars(p) denotes the set of all variables occurring in p. 

2. A store a for p is a function from Vars(p) to elements of ID. The set of all stores 
for p, i.e., the set Vars(p) —»ID, is called Store p . 

3. The initial store cr p (d) G Store p for input d G ID is: 


X f—» d, Zi i—» nil..., Z m f—> nil 


where Vars(p) = {X,Zi,... ,Z m }. Note that if Y and X are different, Y is among the 
Z,. □ 


2.2.2 Evaluation of expressions 


Given a store a containing the values of the variables in an expression E, the function S 
maps E and a into the value fjEflcr = d in D that E denotes. For example £[[cons X Yjcr = 
((nil .nil) .nil) if a = [Xf— » (nil .nil), Yi —> nil]. 
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Definition 2.2.2 The function £ : Expression —> (Store 


D) is defined by: 


£[dl cr 

£[[cons E Fjcr 


£[[hd E]]cr 


£\tl E]](j 


£I=? E F]<r 


a(X) 


(fjEflo-.fjFflcr) 


if 5[Ell ct= (e.f) 


nil otherwise 


f if £[[E]]cr = (e.f) 
nil otherwise 

true if £[[E]]cr = £[[F]]cr 
false otherwise 


2.2.3 Execution of commands 

Given a store <r, the relation Cher —» o' expresses the fact that the new store is o' after 
executing the command C in the store a. (If command C does not terminate in the given 
store cr, then there will be no a' such that C b a — » a'.) For instance, 

X:=cons X Y b [X nil,Y i—> nil] —» [X i —> (nil.nil),Y i—> nil 

Definition 2.2.3 Define the relation • b • —> • C Command x Store p x Store p to be the 
smallest relation satisfying: 

X: =E b a —■> a [X i—> d] if £ [[E] a = d 

C; D b a —>• a" if C b a a' and D b a' —>• a" 

while E do Cb a^a" if £[[E]]<t ^ nil, C b a —> a', while E do Cb 

while E do Cbu-xj if £[[E]]<T = nil 

□ 

2.2.4 Semantics of WHILE programs 

The function [[•]] maps a program p and input value d into a value [[pj| (d) = e in ID if 
the program terminates. (If the program does not terminate there will be no e G ID with 
Up]] (d) = e.) This is done by executing C in the initial store cr p (d) (as in Definition 2.2.1) 
and writing the value a'( Y) bound to Y in the new store a' resulting from execution of C. 
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Definition 2.2.4 The semantics of WHILE programs is the function 

H WHILE : Program —► (D —> D ± ) 

defined for p = read X; C; write Y by: 

[[p]] WHILE (d) = e if C b 00 (d) —> <7 and cr(Y) = e 

We write [p]] instead of [[pJ WHILE when no confusion is likely to arise. If there is no e such 
that [[p]](d) = e, then p loops on d; 4 otherwise p terminates on d. We also say that p 
computes [[p]. □ 


Given the precise semantics of programs one can prove rigorously such properties as 
[[reverse]] (d 1 • • • d n ) = (d n • • • d x ), see the exercises. 

2.2.5 Calculating semantic values 

Given a program p and an input d on which p does not loop, how can we find the 
corresponding output [[p]] (d)? According to Definition 2.2.4 we have to find a store a 
such that C b cr^d) —> cr, and then look up Y’s value in a. 

How do we solve the problem, given some C and store (Jq, of finding a a such that 
C b (jo —* cj ? This can be done by applying the rules in Definition 2.2.3 as follows. 

• If C has form C;D we first solve the problem of finding a g' such that C b (Jo —> cb, 

and then the problem of finding a a" such that D b o' —> cr", and then we can use 

__ _// 

(7 — (7 

• If C has form X := E we calculate £[[E]cro = d and then a is the same as a o except 
that X i—»d. 

• if C has form while E do C we calculate f [[E]]cro = d. If d is nil then a is gq. 
Otherwise, first solve the problem of finding a a' such that C b gq —>► cr', and then 
the problem of finding a a" such that while E do C b a' —>• a", and then we can 
use a = a". 


4 In this case, we write [[p]](d) = _L, as usual for partial functions. 
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2.3 Equality versus atomic equality 

One could argue, as in Turing’s analysis of Section 1.2.1, against our use of the tree 
comparison operator =? on the grounds that it is not “atomic” enough. This can be 
countered by showing how to test general equality without =?. 

The following program assumes given input as a pair (d.e), and tests them for 
equality: 

read X; 

GO := true; Y := false; 
while GO do 
if D then 

D1 := hd D; D2 := tl D; 
if D1 then 
if E then 

El := hd E; E2 := tl E; 
if El then 

D := cons (hd Dl) (cons (tl Dl) D2)); 

E := cons (hd El) (cons (tl El) E2)) 
else GO := false 
else GO := false 
else 

if E then 

if (hd E) then GO := false 
else 

D := tl D; E := tl E 
else GO := false 

else 

if E then GO := false 
else 

Y := true; GO := false; 
write Y 

A few words on the correctness of this program are in order. First of all, termination is 
ensured by the fact that a certain number gets smaller every time the body of the while 
loop is executed; this is addressed in an exercise. 

Assume that the values d and e have been assigned to program variables D and E. 
Initially, Y is set to the most common output value false. 

Case 1: If the “cascade” of tests if D, if Dl, if E, if El are all true, then d and 
e have forms ((dn.di 2 ) .d 2 ) and ((en.ei 2 ) .e 2 ). In this case D and E are re-assigned 
values (dn • (di 2 • d 2 ) ) and (eq . (ei 2 . e 2 ) ), and the loop is repeated. It is clear that the 
new values for D and E are equal iff the original ones were equal. 
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The next two, Cases 2 and 3, both fail because d has form ( (dn .di 2 ) .d 2 ) but e has 
form (nil.e 2 ) or nil, respectively. Then the two values cannot be equal, so the loop is 
terminated by setting GO := false and not changing Y. Cases 4 also fails: d has form 
(nil. d 2 ) but e has form ( (en . ei 2 ) . ^ 2 ) • 

If execution enters Case 5, d and e have form (nil.d 2 ) and (nil.e 2 ). For d and e 
to be equal, d 2 and e 2 must be equal. Therefore D and E are re-assigned values d 2 and 
e 2 , and the loop is repeated. 

If execution enters Case 6, d and e have form (nil.d 2 and nil, which fails. 

If execution enters Case 7, d and e have form nil and (ei . e 2 ) so the loop is termi¬ 
nated with output false. In the final Case 8 , d and e are both nil, and comparison 
terminates successfully by setting output variable to Y to true. 


2.3.1 More syntactic sugar 

Rewrite rules: The logic of the nested if commands above is not easy to follow (one 
has to parenthesize them). A convenient more compact form is to write nested if’s as 
a sequence of rewrite rules of form rewrite [XI, X2, . . . ,Xn] by Rulel; . . . ;Rulem. 
Here each Xi is a variable, and a rule Rulej may have one of two forms: 


1. [patl,...,patn] => [El,...,En], or 

2. [patl, . . . ,patn] C; 


where each pati is a pattern built from new variables using nil and the tree constructor 
and C is a command. 

Informal semantics: if the current values of variables XI, X2, . . . ,Xn match patterns 
patl, . . . ,patn (in left-to-right order), then the rule is applied. If the rule has the first 
format, Ei is an expression assigning a new value to variable Xi. If the second, C is a 
command that may change Xi. The right-side expressions El,... ,En or command C may 
contain references to variables appearing in the patterns, though not to the left of :=. 

For an example, the algorithm above could be expressed using rewrite rules as: 
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read X; 

GO := true; Y := false; 

while GO do 
rewrite [D, E] by- 


[( 

[(D11.D12). 

D2) , 

((Ell. 

E12) .E2)]^> 

[(DU. 

(D12.D2)), 

(Ell.(E12.E2))] 

[ 

((D11.D12) 

. D2) , 

(nil. 

E2) ] => 

GO : = 

false; 


[ 

((D11.D12) 

. D2) , 

nil ] 


GO : = 

false; 


[ 

(nil.D2), 

((Ell 

.E12) . 

E2) ] => 

GO : = 

false; 


[ 

(nil.D2), 

(nil. 

E2) ] 


[ D2, 

E2 ] 


[ 

(nil.D2), 

nil ] 


GO : = 

false; 


[ 

nil, 

(El. 

E2) ] 

=> 

GO : = 

false; 


[ 

nil, 

nil ] 


Y : = 

true; GO := 

false; 


write Y; 


Such rules are easily expanded into nested if commands. For instance, the first rule 
would naturally expand into: 

if D then 

if (hd D) then 
if E then 

if (hd E) then 

D := cons (hd (hd D)) (cons (tl (hd D)) (tl D)); 

E := cons (hd (hd E)) (cons (tl (hd E)) (tl E)) 


and the next-to-last rule would expand to: 

if D then skip 
else 

if E then 

if (hd E) then skip 
else 

GO := false 


The case statement: A similar construction to aid readability is the case statement, 
with syntax 

case E of 
patl =$> Cl; 

• • • 

patn =^> Cn; 
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Again, this expands into a sequence of nested if statements, and the commands Cl,... ,Cn 
may contain references to variables appearing in the patterns (though not to the left of 

:= )- 

Exercises 

2.1 Write a WHILE program that takes an input d and returns the list of atoms in d 

from left to right. For instance, with d=( (a.b) . (a. (c .d) ) the program should yield (a 
b a c d) (i.e., (a. (b. (a. (c . (d.nil)))))). □ 

2.2 Write a WHILE program that expects an input of the form (di--- d n ) (a list of 

values), and removes adjacent occurrences of the atom nil. For instance, if the input 
is (nil (nil) nil nil ((nil)) nil)), the program should yield ((nil (nil) nil 
((nil)) nil))). □ 

2.3 Let a = {X i—» (nil.nil)}, C be while X do X:=X, and show that there is no a' such 

that C b a — > a'. □ 

2.4 Given d = (a b c) , and let p = read X; C; write Y be the reverse program from 
Subsection 2.1.3. Find a a such that C b of } —> a. Explain in detail how o is computed. 

□ 

2.5 Prove that [[reverse]](d x • • • d n ) = (d n • • • di). Hint: Proceed by induction on n. 5 □ 

2.6 * This concerns the general program for testing equality in section 2.3. Consider 
the weight function w : ID —» IN defined by: 

w(d) = |d| — r(d) where 

r(nil) = 1 

r((d r d 2 )) = l + r(d 2 ) r(d) = length of right spine of d 

Exercise: First, argue that this function decreases in each loop of the equality-testing 
program of section 2.3. Then find an upper bound on the running time of the equality¬ 
testing program. 

2.7 Prove that the size |d| of a value d G ID can be computed in time 0(|d|). Hint: 

modify the program for testing equality in section 2.3, so it compares d against itself, 
and increases a counter nil n each time a new is found in d. □ 

5 See Subsection A.6 for a presentation of induction. 
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References 

The data structure of WHILE is very similar to those of Scheme and LISP. The book 
by Kent Dybvig [41] is a good introduction to Scheme. The semantics of the WHILE 
language is in essence a natural semantics as one would find it in an introductory text 
on programming language semantics, e.g., the books by Schmidt [158] or by Nielson and 
Nielson [136]. 

Some other textbooks on computability and complexity use a language very similar to 
WHILE, but in most cases the data structure used is numbers, rather than trees [97, 164]. 
The author has used structured data as well as structured programs for teaching for 
several years at Copenhagen. The idea of restricting trees to the single atom nil was 
due to Klaus Grue [57]. The same WHILE language was used in article [78], which 
contains several results and definitions appearing later in this book. 




3 Programs as Data Objects 


In this chapter we are concerned with programs that take other programs as data. This 
requires that programs be part of the data domain; we show how to achieve this in 
Section 3.2. We then study three kinds of programs that have other programs as input 
in Sections 3.3-3.6: compilers, interpreters, and specializers. The chapter concludes with 
several simple examples of compilation in Section 3.7. 

A compiler is a program transformer which takes a program and translates it into an 
equivalent program, possibly in another language. An interpreter takes a program and 
its input data, and returns the result of applying the program to that input. A program 
specializer , like a compiler, is a program transformer but with two inputs. The first input 
is a program p that expects two inputs X,Y. The other input to the program specializer 
is a value s for X. The effect of the specializer is to construct a new program p s which 
expects one input Y. The result of running p s on input d, is to be the same as that of 
running p on inputs s and d. 

The reason we emphasize these program types is that many proofs in computability 
theory involve, either explicitly or implicitly, constructing an interpreter, a compiler, or 
a specializer. 

First we define what constitutes a programming language in Section 3.1. 

3.1 Programming languages and simulation 

Definition 3.1.1 A programming language L consists of 

1. Two sets, L— programs and L— data; 

2. A function [[•]] L : L— programs —> (L —data—* L—data±) 

Here [[•]] L is L’s semantic function , which associates with every L-program p G L— programs 
a corresponding partial function Jp]] L : L— data— * L— data±. 

If L— programs C L— data, we will henceforth say that L has programs-as-data. Also, 
if L— data x L— data C L— data, we will say that L has pairing. □ 

We have already seen one example of a programmming language according to this defi¬ 
nition, viz. the language WHILE, which has L —data = D and L— programs as in Defini¬ 
tion 2.1.3. WHILE has pairing (the “cons” operator onD), and we will soon see how to 
represent WHILE-programs as values in ID. 
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More programming languages will be seen in later chapters. As was the case for 
WHILE, we will drop L from the notation ([«]] L whenever L is clear from the context. 

Imagine one has a computer with machine language M. How is it possible to run 
programs written in another language L? We will answer this question in two steps. First, 
we say what it means for language M to be able to simulate an arbitrary L program. (In 
effect, this says M is at least as expressive as L.) Second, we will show how M can simulate 
L, in two different ways: compilation and interpretation. 

Definition 3.1.2 Suppose L -data = M -data. Language M can simulate language L if for 
every p G L -programs there is an m-program q such that for all d G L -data we have 

M L (d) ~ [[qf(d) 

Equivalently: M can simulate L iff there is a total function / : L -programs —» M -programs 
such that [[p]] L = J/(p)]] M for all L -programs p. 

Language L is equivalent to language M, written L = M, if language L and language M 
can simulate each other. □ 

This definition expresses the facts that L and M can compute the same functions; but it 
does not assert the existence of any constructive way to obtain an M-program equivalent to 
a given L-program. The remainder of this chapter concerns how simulation may be done 
computably, by either translation (applying a compiling function) or by interpretation. 
First, however, we will need a way to regard programs as data objects. 

3.2 Representing WHILE programs in ID 

We have earlier given a syntax for WHILE -programs and WHILE- date. Suppose we want to 
give a WHILE program as input to another WHILE program. Presently this is not possi¬ 
ble simply because elements of WHILE -programs are not objects in WHILE- data. Therefore 
we now give a programs-as-data representation for WHILE programs. 

Definition 3.2.1 Let {:=, ;, while, var, quote, cons, hd, tl, =?, nil} denote 10 
distinct elements of ID. The representation p of WHILE program p is defined by the map 
shown in Figure 3.1 1 : 

• : WHILE— programs —» WHILE— data 

1 Recall that Vars = {Vo,Vi,...}. While we often use X and Y to denote arbitrary elements of Vars, it 
is convenient in the definition of • to know the index of the variable to be coded. We assume that no 
program contains a variable with higher index than its output variable. 
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where we use the list and number notation of Subsections 2.1.5-2.1.6. 



read V,-; C; write Vj = 

= ((vari)C(var j)) 

C;D 

= OCD) 

while E do C = 

= (whileEC) 

Vi: =E 

= (:= (vari)E) 

Yi 

= (vari) 

d 

= (quoted) 

cons E F = 

= (consEF) 

hd E 

= (hdE) 

tl E 

= (tlE) 

=? E F 

- (—? EF) 


Figure 3.1: Mapping WHILE programs to their data representations. 


For example, if X and Y are the variables Vi and V 2 , respectively, then the program written 
as 

read X; 

Y := nil; 
while X do 

Y := cons (hd X) Y; 

X := tl X 
write Y; 

would be translated to the value in ID: 

( 

(var 1) 

(; (:= (var 2) (quote nil)) 

(while (var 1) 

(; (:= (var 2) (cons (hd (var 1)) (var 2))) 

(:= (var 1) (tl (var 1)))))) 

(var 2) 

) 

For readability we will continue to use the original syntax when writing programs, but 
it should be understood that whenever a program p is input to another, it is the corre¬ 
sponding representation p that we have in mind. 
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Analogous ideas can be used for other languages L as well, though encoding programs 
as data is harder if L -data is, as in classical computability texts, the set of natural 
numb er s. 


3.3 Compilation 

Suppose we are given three programming languages: 

• A source language S, 

• A target language T, and 

• An implementation language L. 

A compiler comp G L -programs from S to T has one input: a source program p G 

S -programs to be compiled. Running the compiler with input p (on an L-machine) 

must produce another program target, such that running target on a T-machine has 

the same effect as running p on an S-machine. 

This is easiest to describe (and do) if the source and target languages have the same 

s 

data representations S -data = T -data, as one can simply demand that [source]] (d) ~ 

T 

[target]] (d) for all inputs d. 


3.3.1 Compiling without change of data representation 

Definition 3.3.1 Suppose 

• S— data = T— data and 

• S— programs U T— programs C L— data. 2 

Then: 


1. A total function / : L— data-^ L— data is a compiling function from S to T iff for 
every p G S- programs : /( p) G T— programs, and [p]] s = [,/(p)]] T - 

2. An L-program comp is a compiler from S to T if [comp]] L is a compiling function. □ 


Note that we carefully distinguish between a compiling function, and a compiler, i.e. a 
compiling program. Spelled out, a compiling function / satisfies for all p G S —programs 
and all d G S —data: 


M S (d) * U (p)f(d) 


2 In other words: languages S and T have representations of programs as elements of L-data. 
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(where both sides may be undefined, see Subsection A.3.3). 

If language T can simulate language S, then by definition there exists a total compiling 
function from S to T. On the other hand, a compiler comp is an L-program whose meaning 
is a compiling function. It must satisfy for every p G S -programs and every d G S —data = 
T —data. 



comp]] L (p)]] T (d) 


3.3.2 Tl-diagrams 

We use the symbol 

S —► T 

L 


{ comp | Vp G S -programs, Vd G S -data. 


[[Pf(d) 


r 


c °mp]] L (p)f (d)} 


to denote the set of compilers from S to T written in L. Suppose we are given a collection 
of S -programs, nature unspecified. This set can be denoted by 

; ** ; 

! S i 


If we also have a compiler comp from source language S to target language T, written in 
L, then we can perform translations, as described by the diagram: 


source program G 


** 

s 


** 

T 

S —T 


L 



3 target program 


G 

compiler 


In this book compilation will most often be described by informal constructions, and 
if such diagrams are used, we could replace implementation language L above by H, 
indicating “human.” In fact, all of our programming language translations could be 
automated in principle, but going to that level of detail would be more appropriate to a 
programming language course than to a theory course. 
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On the other hand interpreters, under the name universal programs , will be treated 
more formally. They play a central role in theorems of both complexity and computability 
theory. Since their structure and running times are so important, several interpreters 
will be given in considerable detail by programs. 


3.3.3 Compiling with change of data representation 

In order to compare computation by machines with different sorts of input/output data 
we define one way that a (possibly partial) function on one data set can be represented by 
a function on another set. This is a natural generalization of the concept of “commuting 
diagram” to the case where some arrows denote partial functions. 


Definition 3.3.2 Given sets A, B, a coding from A to B is a one-to-one total function 
c : A —> B. A partial function g : B —► B± implements partial function / : A —» A± by 
coding c if for all a G A 

1. /(a) ^ _L implies g{c{a)) = c(/(a)) 

2. /(a) = T implies g(c(a)) = J_ □ 


Intuitively: in the following diagram, whenever an instance / : a i—> /(a) of its topmost 
arrow is defined, there exists a corresponding defined instance g : c(a) c(/(a)) of the 
bottom arrow. Further, any undefined instance / : a T of its topmost arrow corre¬ 
sponds to an undefined instance g : c(a) » T of the bottom arrow. The behaviour of g 
on values outside the range of c is irrelevant to the definition. 

.4 -, 




Definition 3.3.3 Suppose one is 

• given a coding c : S -data —> T -data and that 

• S —programs U T —programs C L— data. 

1. / : L -data —>L -data is a compiling function relative to coding c if for every p G 
S -programs, J/(p)]] T implements [[p]] s by c. 
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2. An L-program comp is a compiler from S to T with respect to coding c if [[comp]] L is 


a compiling function relative to c. 


□ 


The first part of this definition amounts to the generalized commutativity of the following 
diagram. 


S -data 


M 


S -data 


T -data 




c 


T -data 


3.4 Interpretation 

Suppose we are given two programming languages: 

• An implementation language L, and 

• A source language S. 

An interpreter int G L —programs for S —programs takes as input a pair (p.d), where 
p G S —programs is a program and d G S— data its input data. Running the interpreter 
with input (p. d) on an L-machine must produce the same result as running p with input 
d on an S-machine. Typically the time to run p interpretively is significantly larger than 
to run it directly; we will return to this topic later. 


3.4.1 Interpretation without change of data representation 

Definition 3.4.1 Assume that language S has programs-as-data and pairing, and that 
L— data = S— data. Then: 


1. A partial function i : L— data^ L —data± is an interpreting function of S if for all 
p G S —programs and d G S —data: 


*(P-d) ^ M S (d) 


2. L-program int is an interpreter of S in L if [[intj| L is an interpreting function of S. 
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We use the symbol 


{ int | Vp,d. [[pf(d) ~ [[int]] L (p.d) } 


to denote the set of all interpreters for S written in L. 


S 

L 


3.4.2 An interpretation example: straightline Boolean 

programs 

In this example a source program is a linear sequence of commands built from true and 
Boolean variables X 0 ,... ,X n using boolean operations “and" and “not.” Informal syntax 
is defined by the following grammar: 


Program 

I 


read X 0 ; Ii I 2 • • • l m \ write X 0 

Xi := true I X* : = Xj and X^ | X^ := not Xj 


A program representation can be written as an element of ID (where : =true, : =and, : =not 
are distinct values in D) with the following grammar. We use the number notation nib 
for i G IN from Definition 2.1.8). 


Program : := (Ii; I 2 ; • • • Im) 

I : := (:=true X) | (:=and X Y Z) | (:=not X Y) 

X, Y, Z : := nil 0 | nil 1 | nil 2 | ... 


Figure 3.2 shows an interpreter for Boolean programs. Explanation: The store a = 
[Xo 1 —» do, • • •, X n 1 —» d n ] will be represented as a list (do di • • • d n ) . Two auxiliary functions 
are detailed in the next section: lookup, which finds the value d^, if given the store and i 
as arguments; and update, which assigns a new value to variable X^. Operators and and 
not were defined in Section 2.1.4. 

The interpreter first initializes the store by binding the input value d to variable 
Xq using update. It then repeatedly dispatches on the form of the first instruction in 
the remainder P of the program, and performs lookups or updates to implement the 
language’s three command forms. After the case command, P is reassigned to what 
follows after the current instruction; so P decreases until empty. 

Once the last command is executed, the value of Xq is looked up in the final store and 
written out. 
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read PD; (* Input = program and value of XO *) 
P := hd PD; D := tl PD; (* Extract program and data from PD *) 
Store := update 0 D nil; (* Initialize store: XO equals D *) 


while P do 
{ case hd P of 


(* First instruction of remainder of P *) 


(:=true X) 


Store := update X true Store; 


(:=and X Y Z) 


V := (lookup Y Store) and (lookup Z Store); 
Store := update X V Store; 


(:=not X Y) 


V := not (lookup Y Store); 
Store := update X V Store; 


P := tl P }; 


(* Remove first instruction 


*) 


V := lookup 0 Store; 
write V 


Figure 3.2: An interpreter for Boolean programs. 


Auxiliary functions for storing and fetching 

Suppose (do...d n ) is a list of length n+1, and j denotes a numeral j between 0 and 
n. How do we perform the assignment X:=dj? This is done by the following sequence 
of commands, where the variable J contains the numeral j, and Store contains the list 
(do...d n ). Note that after execution of the commands, Store and J have their original 
values. 

T := Store; 

K := J; 
while K do 
K := pred K; 

T := tl T; 

X := hd T; 

Conversely, given a list (do...d n ), a value d, and a number j, how do we compute the 
updated list (do ... dj_i d d^+i... d n )? This can be done by the following program, which 
assumes that the list is in Store, the number is in J, and the value d is in V. 


(* X := lookup J Store *) 

(* Remove the first i elements from a copy of Store *) 
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T := nil; (* Store := update J V Store *) 

K := J; 

while K do (* Net effect is to set *) 

T := cons (hd Store) T; (* T = (dj — 1 ... dO) and *) 

Store := tl Store; (* Store = (dj dj+1 ... dn) *) 

K := pred K; 

Store := cons V (tl Store); (* Store = (d dj+1 ... dn) *) 


while T do (* Replace dO dl... dj-1 on Store *) 

Store := cons (hd T) Store; 

T := tl T; 

3.5 Ways to combine compiler and interpreter 

diagrams 

Diagrams such as the preceding one, and more complex ones with several interpreter 
blocks, compiler blocks, or other blocks put together, can be thought of as describing one 
or more “computer runs.” For example, suppose a Lisp system is processed interpretively 
by an interpreter written in Sun RISC machine code (call this M). The machine code 
itself is processed by the central processor (call this C) so two levels of interpretation are 
involved, as described by Figure 3.3. 


; ** • 

i l i 

L 

M 

M 

C 

Figure 3.3: Diagram of program execution with two interpretation levels. 

Assume that certain languages are directly executable ; typically a machine language 
T, or an implementation language L for which one already has a compiler or interpreter 
available. Then a composite diagram composed of several Tl-diagrams is defined to be 
directly executable if and only if every “bottom-most” diagram in it is implemented in 
an executable language. 
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In order to be meaningful a diagram must be “well-formed,” that is satisfy some 
natural constraints: 

1. All languages appearing bottom-most in the diagram must be executable (either 
because they are machine languages, or because implementations are known to 
exist even though not shown in the diagram). 

2. Let us define language L to match language M, written L □ M, to mean that any 
L-program is also an M-program, and has the same semantics. A special case: L C 
L, that is, any language matches itself. 

3. The second constraint is that any subdiagram of either of the following two forms: 


** 

; ** 


** ; 

SI 

S2 

S 

— 

T 

T2 

s 



L 



L 







must satisfy: 


SI CS,S2CS and T □ T2 


3.6 Specialization 

Suppose again that we are given three programming languages: 

• A source language S, 

• A target language T, and 

• An implementation language L. 

A program specializer is given an S-program p together with part of its input data, s. 
Its effect is to construct a T-program p s which, when given p's remaining input d, will 
yield the same result that p would have produced given both inputs. We leave open the 
possibility that S and T are different languages, although we will require S- data—T- data, 
i.e. we only consider specialization without change in data representation. 

Thus we may think of specialization as a staging transformation. Program p’s com¬ 
putation is not performed all at once on (s.d), but rather in two stages. The first stage 
is a program transformation which, given p and s, yields as output a specialized program 
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= program 


Figure S.f: A program specializer. 


p s . In the second stage, program p s is run with the single input d—see Figure 3.4/ The 
specialized program p s is correct if, when run with any value d for p’s remaining input 
data, it yields the same result that p would have produced when given both s and the 
remaining input data d. 

Definition 3.6.1 Assume that S has pairing, that S and T have programs-as-data, and 
that S —data = L— data = T—data. Then: 

1. A total function / : L— data-^ L —data is a specializing function from S to T iff for 
all p G S —programs and d G S —data /(p.d) G T —programs and 

M S (s.d) ~ If (p.s)]] T (d) 

'^Notation: data values are in ovals, and programs are in boxes. The specialized program p s is first 
considered as data and then considered as code, whence it is enclosed in both. Further, single arrows 
indicate program input data, and double arrows indicate outputs. Thus spec has two inputs while p s 
has only one; and p s is the output of spec. 
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2. L-program spec is a specializer from S to T if [[spec]] is a specializing function 
Specifically, 

[[pf (s.d) ~ J[[specJ L (p.s)]] T (d) 


□ 

Theorem 3.6.2 Language M can simulate language L if either there exists a compiler 
from L to M, or if there is a specializing function from M to M, and there exists an interpreter 
for L written in M. 

Proof. This is immediate if there is an L-to-M compiler comp written in T, since function 
[comp] 1 satisfies Definition 3.1.2. Further, if L can be interpreted by M, there exists an 
L-to-M compiler by Exercise 3.1. □ 


3.7 Two simple examples of compilation 

In this section we consider some fragments of WHILE and show by means of translations 
that the fragments are as expressive, in a certain sense, as the whole language. The first 
section restricts the number of variables a program may use, and the second restricts the 
size of expressions. 

3.7.1 The I language: one-variable WHILE-programs 

I is the same language as WHILE, except that its programs only contains one variable 
X, which is also used for both input and output. Any WHILE program can be translated 
into an I program with the same semantics. 

Definition 3.7.1 The syntax of I is given by grammar of Figure 3.5. Program semantics 
is as in Section 2.2. □ 


Example 3.7.2 Recall the following program to reverse a list: 

read X; 

Y := nil; 


while X do 

Y := cons (hd X) Y; 
X := tl X; 
write Y 
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Expressions 3 E, F :: 

= X 


nil 


cons E F 


hd E 


tl E 

Commands 3 C, D :: 

= X := E 


C; D 


while E do C 

Programs 3 P :: : 

= read X; C; write X 


Figure 3.5: Syntax of the I language. 


The program has two variables. To convert it into an equivalent 1-variable program 
“pack” the two into one A=(cons X Y). Whenever we need X in some expression we take 
(hd A), and whenever we need Y we take (tl A). Whenever we wish to assign E to X we 
assign cons E (tl A) to A, and whenever we wish to assign E to Y we assign cons (hd 
A) E to A. We thus arrive at the following program. 

read A; 

A := cons A nil; (* now A = cons X Y *) 

while (hd A) do 

A := cons (hd A) (cons (hd (hd A)) (tl A)); 

A := cons (tl (hd A)) (tl A); 

A:= tl A; (* write X *) 

write A 


For the general translation we will pack the variables XI, ..., Xn together by cons'ing to 
form a list (XI • • • Xn). More efficient translated programs could be obtained by packing 
into balanced trees instead of lists. 

Definition 3.7.3 Define tl°E = E and tl 2+1 E = tl 2 (tlE). Given a program p with input 
variable XI and output X2, apply the transformation p defined in Figure 3.6. 


Proposition 3.7.4 _ is a compiling function from WHILE to I. 
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read XI; C; write X2 = 

readA;A: consAnil;C; 

/ / / 


A := hd(tlA); writeA 

Cl ; C2 

= Cl ; C2 

while E do C = 

= while E do C 

Xi := E 

A: consTi(... (consT nil)...) 


where T* E and T j 2ULj ^ L 

Xi 

= hd(tl i_1 A) 

d 

= d 

cons El E2 = 

= cons El E2 

hd E 

= hd E 

tl E 

= tl E 

=? El E2 

= =? El E2 


Figure 3.6: Transformation rules from WHILE to I. 


3.7.2 Restriction to one operator 

Definition 3.7.5 Restrict the syntax of WHILE programs as follows arriving at 
WHILE lop . 

E ::= X 

d 

cons X Y 
hd X 
tl X 
=? X Y 

Note that in assignments the expression may contain at most one operator, and in while 
loops the tested expression must contain no operators at all. The semantics and running 
times is the same as for WHILE programs. 

Any WHILE program p can be translated into a WHILE lop program with the same 
semantics. The problem is to break complex expressions and while tests into simple ones. 
This can be done systematically introducing new variables and assignment statements. 


C ::= X := E 

Cl ; C2 
while X do C 

P ::= read X; C; write Y 


Example 3.7.6 The program 
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read XY; 

X := hd XY; 

Y := tl XY; 
while (hd X) do 

Y := cons (hd X) (cons (tl Y) (hd Y)); 

X := tl X ; 

write Y 

can be translated into: 

read XY; 

X := hd XY; 

Y := tl XY; 

Z := hd X; 
while Z do 

A := hd X; 

B := tl Y; 

C := hd Y; 

D := cons B C; 

Y := cons A D; 

X := tl X; 

Z := hd X; 
write Y 

We state the general translation using the informal syntax, but it could clearly be ex¬ 
pressed via the representation introduced earlier. 


Definition 3.7.7 Given a program p, construct the transformed program p by applying 
the rules given in Figure 3.7 recursively. Variables Y, Yl, Y2 are fresh variables, chosen 
anew every time a rule containing them is used. 

Proposition 3.7.8 _ is a compiling function from WHILE to WHILE lop . 

Proof. See the Exercises. 


Exercises 


3.1 Show how one can compile from S —programs to L —programs, if given an 5-interpreter 
written in L and a L-specializer. State appropriate assumptions concerning the relation¬ 
ships between various input and output domains. □ 


3.2 Prove Proposition 3.7.4. 


n 
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read X 


write Y 


read X; C ; write Y 


Cl ; C2 
while E do C 


Cl : C2 


Y:=E ; {while Y do C ; Y:=E | 


z 

=Y 




z 

=d 




z 

=cons 

El 

E2 

z 

=hd 

E 



z 

=tl 

E 



z 

= c= 

=? 

• 

El 

E2) 


Z: =Y 
Z :=d 

Y1:=E1 ; Y2:=E2 ; Z:=cons Y1 Y2 
Y:=E ; Z:=hd Y 


Y:=E : Z:=tl Y 


Y1:=E1 ; Y2:=E2 ; Z 


= (=? Y1 Y2) 


Figure 3.7: Transformation rules from WHILE to one-operator form. 


3.3 Prove Proposition 3.7.8. □ 

3.4 Can one compile an arbitrary WHILE program into an equivalent with only one vari¬ 
able and one operator per command, i.e. can one combine the results of Propositions 3.7.8 
and 3.7.4? 

A partial answer: explain what happens when these two compilations are combined. A 
full answer: establish that such a compilation is possible (by a construction) or impossible 
(by a proof). 4 □ 


References 

The practical and theoretical study of compilers and interpreters constitutes a branch 
of Computer Science. An introduction to interpreters can be found in [93]. A good 
introduction to compiler technology can be found in [3]. The compiler and interpreter 
diagrams are due to Bratman [18]. As mentioned, interpretation, compilation, and spe- 

4 Hint, in case the answer is negative: To show that not every program in L-programs can be simulated 
by some M-program, it is enough to give a property V(f) such that a) P([[p]] M ) holds for all p £ M -programs, 
i.e., V is satisfied by every function computable by any M-program; and b) exhibit an L-program q such 
that [[q]] L does not satisfy property V . 

This approach requires three things: first, find a suitable property V] second, show that it holds for 
every function computed by any M-program; third, find an L-program q whose computed function fails 
property V. 
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cialization all play important roles in computability and complexity theory, and we will 
say more about all three types of programs in due course. 

The practical study of specializers is yet another branch of Computer Science, also 
called partial evaluation , see e.g. the textbook [89] or survey article [87]. 




Part II 





4 Self-interpretation: Universal Programs 
for WHILE and I 


Our first example of a universal program is an interpreter for WHILE written in WHILE, 
developed in Section 4.1. We then develop a universal program in and for the subset 
called I, in which programs have only one variable, in Section 4.2. Both of these self¬ 
interpreters will be used extensively in the remainder of the book. 

4.1 A universal program for the WHILE language 

We first develop an interpreter in WHILE for WHILE programs that use only a single 
variable, and then modify this interpreter so as to interpret the full WHILE language. 

Let { :=, ;, while, var, quote, cons, hd, tl, =?, nil } denote 10 distinct elements 
of ID mentioned in Definition 3.2.1, and let { dohd, dotl, docons, doasgn, dowh, do=? } 
denote 6 more values in ID, distinct from the first 10 and from each other. 

4.1.1 Interpretation of a subset of WHILE in WHILE 

Proposition 4.1.1 There exists a WHILE program ulvar such that [[ulvar]] (p. d) = 
Up]] (d) for all p G I -programs and all d G WHILE -data. □ 

Proof. The overall structure of the program is given in the following program fragment 
where STEP is the sequence of commands in Figure 4.1 (explained below). Exercise 4.1 
is to prove correctness of the algorithm. 

read PD; (* Input (p.d) *) 

P := hd PD; (* P = ((var 1) C (var 1)) *) 

C := hd (tl P) (* C = hd tl p program code is C *) 

Cd := cons C nil; (* Cd = (c.nil), Code to execute is c *) 

St := nil; (* St = nil, Stack empty *) 

VI := tl PD; (* VI = d Initial value of var.*) 

while Cd do STEP; (* do while there is code to execute *) 

write VI; 

Input is a program in the abstract syntax of Definition 3.2.1. (Input and output are 
through the first and only variable, hence the (var 1)). The program uses three vari¬ 
ables: Cd, St, VI. The first is the code stack , Cd, holding the code to be executed. Intially 
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rewrite [Cd, St] by 


[ ((quote D).Cr), 

St 



[Cr, 


cons D 

St] 

[((var 1).Cr), 

St 


=> 

[Cr, 


cons VI 

St] 

[((hd E).Cr), 

St 



[cons* 

E 

dohd Cr, 

St] 

[(dohd.Cr), 

(T. Sr)] 

=> 

[Cr, 


cons (hd T) 

Sr] 

C((tl E).Cr), 

St 



[cons* 

E 

dotl Cr, 

St] 

[ (dotl.Cr), 

(T. Sr)] 

=> 

[Cr, 


cons (tl T) 

Sr] 

[((cons El E2).Cr), 

St 

] : 


[cons* El 

E2 docons Cr, 

St] 

[ (docons.Cr), 

(U.(T.Sr)) 

] 


[Cr, cons (cons T U) 

Sr] 

[((=? El E2).Cr), 

St 

] 


[cons* 

El E2 do=? Cr, 

St] 

[ (do=?.Cr), 

(U.(T.Sr)) 

] 


[Cr, 


cons (=? T U) 

Sr] 

[((; Cl C2).Cr), 

St 

] 


[cons* 

Cl C2 Cr, 

St] 

[((:= (var 1) E).Cr), 

St 

] 


[cons* 

E 

doasgn Cr, 

St] 

[(doasgn.Cr), 

(W.Sr) 

] =>{Cd := Cr; 

St := Sr; VI: : 

= W;} 

[ ((while E C).Cr), 

St ] => 

[cons* 

E dowh 

(while EC) Cr, 

St] 

[(dowh.((while E C).Cr)), (nil.Sr)] 


[Cr, 



Sr] 


[(dowh. ((while E C) . Cr)) , ((D. E) . S) ] [cons* C (while EC) Cr, S] 
[nil, St] =>■ [nil, St] 

Figure 4-1: The STEP Macro. 


this is the whole program. The second is the value stack , St, holding intermediate results. 
Finally, the third variable is VI, the store holding the current value of the single program 
variable. Initially this is d, the input to program p. 

The effect of the sequence of commands STEP, programmed using the rewrite short¬ 
hand notation, is to test what the next instruction in Cd is and update variables Cd, St, 
VI accordingly. Recall the skip and cons* notations from Section 2.1.7. 

Expression evaluation and command execution are based on the following invariants : 
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[(E.Cd), St, d] =>* [Cd, (e.St), d] iff £ [[E]] [X d] = e 

[(C.Cd), St, d] =>* [Cd, St, e] iff C h [X I » d]->[X^e] 

Suppose that, at some point, p evaluates expression E in store [X i—> d] to e, i.e. £\Ej [X i—> 

d] = e. Suppose initially the values of Cd, St, VI in ulvar will be (E.Cr), S, d, i.e. E will 
be on top of the code stack. Then after a number of iterations of STEP, the new values 
will be Cr, (e. S), d, i.e. the code for E will be popped from the code stack, and the value 
of E will be pushed to the value stack. The store remains unchanged. 

For example if the three values are ((hd E) .C), S, and d, then after one iteration 
of STEP the values are (E. (dohd.C)), S, d. This signifies that first the expression E is 
to be evaluated, and then afterwards the hd must be taken. By the invariant, after a 
number of iterations of STEP the values are (dohd.C), (e.S), and d where e is the value 
of E in the given store. Supposing e = (el.e2), after one more iteration the values are 
C, (el.S), d. So the overall effect, starting from the original values ((hd E) .C), S, d 
has been to calculate the value of hd E and push it to the value stack while popping the 
expression from the code stack. 

Command execution is based on a similar invariant. Suppose that, at some point, p 
executes command C in store [X i—>• d] arriving at a new store [Xm e], i.e. C h [X i—>• d] — > 
[Xf-4 e]. Assume the values of Cd, St, VI are (C.Cr), S, d, i.e. C is on top of the code 
stack. Then after a number of iterations of STEP, the new values will be Cr, S, e, i.e. 
the code for C will be popped from the code stack, the value stack is unchanged, and the 
new value for X will have been saved in the store. □ 

It is not hard to see that the evaluation of any expression terminates in a fixed number of 
steps; the only source of possible nontermination is in the rules implementing the while 
command. This is addressed in Exercise 4.2. 

4.1.2 Interpretation of the full WHILE language 

We now show how the interpreter ulvar for single-variable programs can be extended 
to accomodate programs using several variables. For this it is useful to have available 
certain techniques which we first develop. The construction is straightforward and uses 
the lookup and update functions from Section 3.4.2. 


Theorem 4.1.2 There exists a WHILE program u such that for all p G WHILE -programs 
and all d G \JEILE-data we have Jp]](d) = [[u] (p.d). □ 
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Proof. The overall structure of the program is given in the program fragment of Fig¬ 
ure 4.2, where STEP is similar to the earlier command sequence. 


read PD; 


(* Input (p.d) 

*) 

Pgm 

= hd PD; 


(* p = ((var i) c (var j)) 

*) 

D 

= tl PD; 


(* D = d (input value) 

*) 

I 

= hd (tl (hd Pgm)) 


(* I = i (input variable) 

*) 

J 

= hd (tl (hd (tl (tl 

Pgm)))); (* J = j (output variable) 

*) 

C 

= hd (tl Pgm)) 


(* C = c, program code 

*) 

VI 

= update I D nil 

c* 

(var i) initially d, others nil 

*) 

Cd 

= cons C nil; 

c* 

Cd = (c.nil), Code to execute is c 

*) 

St 

= nil; 

c* 

St = nil, computation Stack empty 

*) 

while Cd do STEP; 

c* 

do while there is code to execute 

*) 

Out : 

:= lookup J VI 

c* 

Output is the value of (var j) 

*) 

write 

Out; 





Figure 4-2: Universal program u. 


In contrast to VI in the preceding version, VI is now a list of k variables. Initially all 
these are bound to nil, except the input variable V^ which is bound to the input d. The 
output is now the value of variable Vj at the end of execution. The new version of STEP 
is identical to the preceding one, except for the cases: 


[((var J).Cr), 

St ] 

» Cd 

• • 

ii 

o 

\# • 

X := lookup J VI; St:=cons 

X St; 

[((:= (var K) E).Cr), 

St] 

=> Cd 

:= cons* E doasgn K Cr; 


[ (doasgn.(K.Cr)), 

(T.Sr) ] = 

=> Cd 

:= Cr; 

St := Sr; VI := update K T 

VI; 


n 


The program u is called a self-interpreter in programming language theory, because it 
interprets the same language as it is written in. In computability theory u is called a 
universal program , since it is capable of simulating any arbitrary program p. 


4.2 A universal program for the I language 

Recall the interpreter ulvar for one-variable WHILE programs constructed in Section 4.1.1. 
We obtain a universal program for I by applying methods from Section 3.7 to ulvar. 

Program ulvar is not a self-interpreter for I, since it itself uses more than one variable, 
for example Cd and St. We now describe how a 1-variable universal program can be built, 
using the example compilations from Section 3.7. 
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We now construct from ulvar a true self-interpreter i for I. This is easily done, 
since the “packing” technique of Proposition 3.7.4, translates program ulvar into an 
equivalent one-variable program i with [[ij 1 = [[iJ WHILE = [[ulvar]] WHILE . We have thus 
proven 

Theorem 4.2.1 There exists a self-interpreter i for I using the concrete syntax of Def¬ 
inition ??. 


Exercises 

4.1 * Prove that [p]](d) = [[ulvar]] (p.d) for all 1-variable p G WHILE -programs and all d G 

ID. This can be done by induction on the lengths of computations of program execution 
and execution of the interpreter. □ 

4.2 Show that for any WHILE-program p without any WHILE commands and for all 
d G ID, it holds that [[ulvar]] (p.d) |. This can be done by induction on the length of p. □ 

4.3 Extend the WHILE language with a construction repeat C until E, with a Pascal¬ 

like semantics. Explain the semantics informally, e.g. when is E evaluated? Extend ulvar 
so as to interpret this new construction (still for programs with one variable). □ 


References 

A universal program first appeared in Turing’s paper [170], and in practically every book 
on computability published since then. The universal program for I much resembles the 
one sketched in [85]. 
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Chapter ?? set up our model WHILE of computation, Chapter 3 gave a way to pass 
WHILE programs as input to other WHILE programs, and Chapter 4 showed the 
existence of universal programs. We are now in a position to state and prove some of the 
fundamental results of computability theory, including those that were informally proven 
in Chapter 1. 

Section 5.1 defines the notions of computable function and decidable set, and the two 
related notions of semi-decidable and enumerable sets. Section 5.2 presents a special- 
izer for WHILE programs. Section 5.3 proves that the halting problem is undecidable. 
Section 5.4 proves that all properties of WHILE programs that depend only on the pro¬ 
gram’s input-output behaviour are undecidable. Section 5.5 proves some properties of 
decidable and semi-decidable sets, and Section 5.6 shows that the halting problem is 
semi-decidable. Section 5.7 proves some properties of enumerable and semi-decidable 
sets. 


5.1 Computability, decidability, enumerability 

As mentioned earlier, a function is henceforth called computable if it is computed by 
some WHILE program: 

Definition 5.1.1 A partial function / : ID —> is WHILE computable iff there is a 

WHILE program p such that / = [p], i.e. for all d,e G ID: 

1. If / (d) = J_ then [[p]] (d) = _L. 

2. If / (d) = e G ID then [[p]] (d) = e. □ 

A set A will be called decidable if the membership question for A can be answered by a 
program that always terminates. If the program possibly loops on elements outside A , 
the set will be called semi-decidable. 

We will show semi-decidability equivalent to enumerability , where a set A is called 
enumerable if there is some program that lists all and only the elements of A in some 
order. This allows repetitions, and does not necessarily list A's elements in any specific 
order, for instance the order need not be increasing or without repetitions. 

Definition 5.1.2 
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1. A set A C ID is WHILE decidable iff there is a WHILE program p such that [[p]] (d) j 
for all d G ID, and moreover d G A iff [p]](d) = true. 

2. A set A C ID is WHILE semi-decidable iff there is a WHILE-program p such that for 
all d G ID: d G A iff [[pj(d) = true. 

3. A set A C ID is WHILE enumerable iff A = 0 or there is a WHILE program p such 

that for all d G ID : [[p](d)i, and A = {[[p]](d) | d G ID}. □ 

5.2 Kleene’s s-m-n theorem 

Recall from Chapter 3 the notion of a specializer. We now prove that there exists a 
program specializer from WHILE to WHILE written in WHILE. 

Theorem 5.2.1 There is a WHILE program spec such that for all p G WHILE— programs 
and s G WHILE— data, [[specj(p.s) G WHILE— programs, and for all d G WHILE— data 

[[[spec]] (p.s)]](d) = [p]](s.d) 


Proof. Given a program p: 
read X; C; write Y 

Given input s, consider the following program p s 
read X; X := cons s X; C; write Y 

It clearly holds that Jp]](s.d) = [[p s ](d). It therefore suffices to write a program that 
transforms the pair (p.s) into p s , when both p s and p are expressed as data values in 
ID. The program p is expressed as data by: 

((var i) C (var j)) 

where C is the data representation of C. Then p s expressed as data is: 

((var i) (; (:= (var i) (cons (quote s) (var i))) C) (var j)) 

Transformation from p to p s is done using the following program, spec, which uses the 
list notation of Section 2.1.7. The "cons", " : = " and ";" in ConsExp : =. . ., NewC: =. . ., 
and AssignX: = . . . are distinct values in ID, as in Definition 3.2.1. 
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read PS; 




(* 

PS is 

; ( 

((var i) 

C (var j)).s) 

*) 

P 

= hd 

PS; 


(* 

P is 

(C 

var i) C 

(var j)) 

*) 

S 

= tl 

PS; 


(* 

S is 

s 



*) 

Vari 

= hd 

P; 


(* 

Vari 

is 

(var i) 


*) 

C 

= hd 

(tl 

P) 

(* 

C is 

C 



*) 

Var j 

= hd 

(tl 

(tl P)); 

(* 

Var j 

is 

(var j) 


*) 


QuoteS := list "quote" S; 

ConsExp := list "cons" QuoteS Vari; 

AssignX := list "Vari ConsExp; 

NewC := list ";" AssignX C ; 

NewP := list Vari NewC Varj; 
write NewP; 

□ 

The same idea can be generalized to specialize programs accepting m + n arguments to 
their first m arguments. This is known in recursive function theory as Kleene’s s-m-n 
theorem , and plays an important role there. 

The specializer above is quite trivial, as it just “freezes” the value of X by adding a 
new assignment. It seems likely that spec could sometimes exploit its knowledge of p’s 
first input more extensively, by performing at specialization time all of p’s computations 
that depend only on s. This can indeed be done, and is known in the programming 
languages community as partial evaluation. We return to this topic in the next part of 
this book. 


5.3 Unsolvability of the halting problem 

We now show that the unsolvability of the halting problem for WHILE-programs implies 
that many other problems are unsolvable. This also includes many natural problems, as 
we shall see in Chapter 10. 


Theorem 5.3.1 The total function 


halt (a) 


true if a = (p.d) and [[pj(d)| 
false otherwise 


is not computed by any WHILE-program. 



Proof. The proof of Proposition 1.4.4 applies perfectly well to WHILE-programs. 


□ 
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The halting problem above is formulated as the problem of computing the function 
halt ; as such it is uncomputable. One can also formulate the same problem as one of 
deciding membership of the subset of ID: 

HALT = {(p.d) | p G WHILE— programs, d G WHILE— data, and [[p]](d)|} 

It is easy to see that this set is undecidable. If it were WHILE decidable, it would follow 
easily that halt is computable. Similarly, if halt were WHILE computable, it would 
follow immediately that HALT is WHILE decidable. 

5.4 Rice’s theorem 

Rice’s theorem shows that the unsolvability of the halting problem is far from a unique 
phenomenon; in fact, all nontrivial extensional program properties are undecidable. 

Definition 5.4.1 

1. A program property A is a subset of WHILE -programs. 

2. A program property A is non-trivial if WHILE -programs. 

3. A program property A is extensional if for all p,qG WHILE— programs such that 

[p] = [[qj it holds that p G A if and only if q G A. □ 

In other words, a program property is specified by divisiding the world of all programs into 
two parts: those which have the property, and those which do not. A non-trivial program 
property is one that is satisfied by at least one, but not all, programs. An extensional 
program property depends exclusively on the program’s input-output behaviour, and 
so is independent of its appearance, size, running time or other so-called intensional 
characteristics. 

An example property of program p is the following: is [[pj(nil) = nil? This is 
extensional, since Jp]] = [[q] implies that [p]](nil) = nil if and only if [[q]](nil) = nil. 
On the other hand, the following program property is nonextensional: is the number of 
variables in p more than 100? This is clear, since one can have two different programs p, 
q that compute the same input-output function [[p]] = [[qj : ID —» D^, but such that one 
has more than 100 variables and the other does not. 


Theorem 5.4.2 If A is an extensional and nontrivial program property, then A is un¬ 
decidable. □ 
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Proof. Assume that nontrivial A is both extensional and decidable. We will show that 
this implies that the halting problem is decidable, which it is not. Let b be a program 
computing the totally undefined function: [[b]] (d) = J_ for all d G ID, e.g., 

read X; while true do X := X; write Y 

Assume to begin with that A contains b. By extensionality, A must also contain all other 
programs computing the totally undefined function. By nontriviality of A there must be 
a program c in WHILE-programs which is not in A. 

We now show how the halting problem (is [[p](e) = _L?) could be solved if one had a 
decision procedure for A. Suppose we are given a program of form: 

p = read Y; C; write Result 

in WHILE-pragrams, and a value e G ID of its input, and we want to decide whether JpJ](e) 
= _L. Without loss of generality, programs p and c have no variables in common (else 
one can simply rename those in p). Construct the following program q (using the macro 
notation of Subsection 2.1.7): 

read X; (* Read X *) 

Resultp := p e; (* First, run program p on the constant e *) 

Resultc := c X; (* Then run program c on input X *) 

write Resultc 

Clearly if [[pj ( e )T, then ([q]](d)| for all d G ID. On the other hand, if [[p]]( e )l> then [[qj (d) 
= Jc]](d) for all d G ID. Thus 

i n = J M if [[pK e ) = J - 

If p does not halt on e then [[q] = [[b]] , so extensionality and the fact that b G A implies 
that q G A. If p does halt on e then [[q] = JcJ], and again by extensionality, c ^ A implies 
q ^ A. Thus p halts on e if and only if q ^ A, so decidability of A implies decidability of 
the halting problem. 

The argument above applies to the case b G A. If b ^ A then exactly the same 
argument can be applied to A = WHILE-pragrams\A Both cases imply the decidability 
of the halting problem, so the assumption that A is decidable must be false. □ 

In conclusion, all nontrivial questions about programs’ input-output behaviour are 
undecidable. For example 
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• Does [[pj(nil) converge? 

• Is the set {d | Jp]](d)} converges a finite set? An infinite set? 

• Is Up]] a total function? 

and many others. 

5.5 Decidable versus semi-decidable sets 

In this section we present some results about WHILE decidable and semi-decidable sets. 
In one of these results we encounter the first application of our interpreter u. 

Theorem 5.5.1 

1. Any finite set A C D is decidable. 

2. If A C ID is decidable then so is D \ A. 

3. Any decidable set is semi-decidable. 

4. A C D is decidable if and only if both A and D \ A are semi-decidable. □ 

Proof. 

1. If A = {dl, ... ,dn} C ID, then it can be decided by program 

read X; 

if (=? X dl) then X := true else 

if (=? X d2) then X := true else 

if (=? X dn) then X := true else 

X := false; 

write X 

2. Let p = read X; C; write R decide A. Then 1D\A is decided by 

read X; 

C; 

R := not R; 
write R; 

3. Obvious from Definition 5.1.2. 
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4. “Only if” follows from 3 and 2. For “if,” we use a technique called dovetailing. The 
idea is to simulate two computations at once by interleaving their steps, one at a 
time 1 . Suppose now that A is semi-decided by program p: 

read XI; Cl; write R1 
and that ID \ A is semi-decided by program q: 

read X2; C2; write R2 

where we can assume that Cl and C2 have no variables in common. 

Given d G D, if d G A then [[pj| (d) = true, and if dG D\4 then [[q]](d) = true. 
Consequently one can decide membership in A by running p and q alternately, one 
step at a time, until one or the other terminates with output true. 

This is easily done using the universal program for WHILE; the details are left 
to the reader in an exercise. □ 

Theorem 5.5.2 

1. If A,B are decidable then AUB and AnB are both decidable. 

2. If A,B are semi-decidable then AnB and AnB are both semi-decidable. □ 


5.6 The halting problem is semi-decidable 

Theorem 5.3.1 established that the halting problem is undecidable. Now we show that 
it is semi-decidable. 

Theorem 5.6.1 The halting problem for WHILE-programs is semi-decidable. □ 

Proof. This is provable by means of the universal program u for WHILE: 

read PD; 

VI:= u PD; 
write true; 

where we have used the macro notation VI := u PD. Given input (p.d), the sequence of 
commands for VI := u PD will terminate if and only if program p terminates on input 
d. Thus the program above writes true if and only if its input lies in HALT. □ 

1 Dovetailing of unboundedly many computations at once will be used in Exercise 13.5 and in Chap¬ 
ter 20. 
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Corollary 5.6.2 ID \ HALT is neither decidable nor semi-decidable. □ 

Proof. Immediate from Theorem 5.5.1. □ 


5.7 Enumerability related to semi-decidability 

It is not hard (though not as easy as for IN) to show that the elements of ID can be 
enumerated in sequence, one at a time: 

Lemma 5.7.1 

1. There is an enumeration do, di, ... of all elements of ID such that do = nil, and 
no elements are repeated; 

2. There are commands start and next such that for any i > 0, the value of variable 
New after executing [start; next; . . . ; next]] (with i occurrences of next) is d^. 


Program start: 

L := (); 

N := (nil); 

New := hd N; 

Program next: 

N := tl N; 

Old := L; 

Tmp := cons (cons New New) nil; 
while Old do 

Tmp := cons (cons New (hd Old)) Tmp; 

Tmp := cons (cons (hd Old) New) Tmp; 

Old := tl Old; 

N := append N Tmp; 

L := cons New L; 

New := hd N; 

Figure 5.1: Enumerating ID. 

Proof. Figure 5.1 shows WHILE codes for start, next. Explanation: they follow the 
defining equation ID = {nil} UDxD, using the fact that if X C ID and d ^ X, then 

(X U {d}) x (XU {d}) = X x X U {(d.d)}U 

{(d.x) | xGl}U{(x.d) | xGl} 
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The trees created are placed on the list N. They are moved to the list L once they have 
served their purpose in creating bigger trees, and New will always be the first element 
of N. Thus initially, N contains the single tree nil and L is empty. Every time next is 
performed, one tree New is removed from the list N and paired with all the trees that are 
already in L as well as with itself. The trees thus created are added to N, and New itself 
is added to L. 

The following claims are easy to verify: 

(1) Every iteration adds a single element to L. 

(2) Every element of D is eventually put on L. □ 

5.7.1 Enumerability characterized by semi-decidability 

Theorem 5.7.2 The following statements about a set A CD are equivalent: 

1. A is WHILE enumerable. 

2. A is WHILE semi-decidable. 

3. A is the range of a WHILE computable partial function, so for some p: 

A = {Ip]]( d ) I d e D and [[pj(d) ^ _L} 

4. A is the domain of a WHILE computable partial function, so for some p: 

H = {delD | [p]](d)^_L} 

□ 


Proof. We show that 1 implies 2, 2 implies 3, 3 implies 1, and 2 is equivalent to 4. 

1 => 2. If A = 0 then 2 holds trivially, so assume there is a WHILE program p such 
that for all d G ID : [[pj(d)l, and A = {[[p]( d ) I d £ ID}. Let do, di,.. .be as in the 
enumeration of Lemma 5.7.1. 


read D; 

start; GO := 
while GO do 


write true 


true 

Y := p New; 

if (=? Y D) then G0:=false; 
next; 


Figure 5.2: 1 => 2. 
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The program of Figure 5.2, given input d, computes [[p]] (do), [p]] (di),..and com¬ 
pares d to each in turn. If d = d* for some i, then p terminates after writing true. 
If d yf di for all i then p will loop infinitely, sufficient for 2. 

2 => 3. Assume that A is semi-decided by program p of form read I; C; write R, and 
construct the program q of Figure 5.3. 


read I; 

Save := I; 

C; 

if R then SKIP else while true do SKIP; 
write Save 

Figure 5.3: 2^3. 


Clearly Jp]](d) j and [[p]] (d) = true together imply [[q]] (d) = d. On the other hand, 
if either [[p](d)T or M( d ) 7^ true, then [q]](d)|. Thus d G A iff [[qj(d) = d, so 

A = {[[qJK e ) I e € D and [fq]](e)J.}. 


3 1. If A = 0 then 1 holds trivially, so assume A contains at least one member dO, and 

that A is the range of partial function [[p]], where p= ( (var nil 1 ) C (var nil 1 )), 
i.e. A = rng([[p]]). Define / such that /(nil) = dO and 



[[pj(d) if p stops when applied to d within |e| steps 
dO otherwise 


/ is obviously total. Claim : A = rng(/). Proof of C: if a G A = rng([[p]) then 
a = [[p]](d) for some d G ID. Thus p, when applied to d, terminates within some 
number of steps, call it m. Then clearly 


/(l m .d) = UpJ (d.) = a 


so a G rng(/). Proof of D: Values in the range of / are either of form [[p]](d) and so 
in the range of [pj and so in A , or are dO which is also in A. Finally, the program 
q of Figure 5.4, using the STEP macro from the universal program u, computes /. 

2 4. A program p which semi-decides A can be modified to loop infinitely unless its 

output is true, hence 2 implies 4. If p is as in 4, replacing its write command by 
write true gives a program to semi-decide A. □ 
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read TD; (* Input (t.d) *) 

D := tl TD; (* D = d *) 

VI := update nil D nil (* (var nil 1 ) init’ly d, others nil *) 
Cd := cons C nil; (* Cd = (C.nil), Code to execute is C *) 

St := nil; (* St = nil, Stack empty *) 

Time := hd TD; (* Time = t, Time bound is t *) 

while Cd do (* Run p for up to t steps on d *) 

STEP; Time := tl Time; 


if (=? Time nil) then Cd := nil; (* Abort if time out *) 

if Time (* Output dO if time ran out, else nil 1 value *) 

then Out := lookup nil 1 VI else Out := dO; 
write Out; 

Figure 5.4: 3 => 1. 


5.7.2 Recursive and recursively enumerable sets 

The preceding theorem justifies the following definition of two of the central concepts 
of computability theory. Even though at this point only WHILE and I languages have 
been considered, we will see as a result of the “robustness” results of Chapter 8 that the 
concepts are invariant with respect to which computing formalism is used. 

Definition 5.7.3 A set A is recursive (also called decidable ) iff there is a program [pj 
that decides the problem x G A?. A set A is recursively enumerable (or just r.e., for 
short) iff there is a program [[p]] that semi-decides the problem x G A?. 


Exercises 

5.1 Consider a language WHILE-f orloop which is just like WHILE, except that instead of 
the while command, WHILE-f orloop has a command 

for X := alltails(E) do C 

Its informal semantics: First, E is evaluated to yield a value d. If d = (dl .d2), then X is 
first bound to d, and command C is executed once. The same procedure is now repeated 
with X being bound to d2. In this way command C is executed repeatedly, until X is 
bound to the atom nil (which must eventually happen). At that time the for command 
terminates and control goes to the next command. 
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1. Define the semantics of WHILE-f orloop by rules similar to those for the WHILE- 
semantics, and semantic function [p]] FL . 

2. Show how WHILE-f orloop programs can be translated into equivalent while- 
programs. 

3. Prove that your construction in (2) is correct using the semantics for WHILE and 
your semantics from (1) for WHILE-f orloop. 

4. Is the halting problem decidable for WHILE-f or loop-programs? 

5. Can all computable functions be computed by WHILE-f or loop-programs? □ 

FL 

5.2 Define the total function g by: g( p) = not [[p]] (p) any WHILE-f orloop-program p. 

Prove that g is not computable by any WHILE-f orloop-program; and prove that g is 
WHILE-program computable. 

Consequence: the WHILE-f orloop language cannot simulate the WHILE language. □ 

5.3 Prove that it is undecidable whether a given program computes a total function. □ 

5.4 Hint: show that it is undecidable whether a program computes the identity function, 

and derive the more general result from this. □ 

5.5 Use Rice’s theorem to prove that unnecessary code elimination is undecidable: given 
a program p 

read X; Cl; while E do C; C2; write Y 

with an identified while command, it is undecidable whether test E will be false every 
time control reaches the command. □ 

5.6 Prove Theorem 5.5.1 part 4. Hint: you will need two copies of the universal program. 

□ 

5.7 * Prove Theorem 5.5.2. Hint: the results for decidable A,B are straightforward, as 

is semi-decidability of ACB. For semi-decidability of 4U5, use Theorem 5.7.2, or the 
“dovetailing” technique of Theorem 5.5.1, Part 4. □ 

5.8 List the first 10 elements of ID as given in Lemma 5.7.1. □ 


5.9 Use induction to prove the two claims made about the enumeration of ID in the proof 
of Lemma 5.7.1. □ 
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5.10 * The pairs in list Tmp (Lemma 5.7.1) are added to the end of list N by append. 

Show that the simpler alternative of adding them to the start of N does not work. What 
goes wrong in the proof of the previous Exercise 5.9 if this change is made? □ 

5.11 Devise alternative start and next commands that take only 0(n) time when next 

is called, where n is the length of list L. Hint: find a faster way to achieve the effect of 
append. More variables may be used, if convenient. □ 

5.12 * Devise alternative start and next commands that take only constant time when 

next is called. Hint: at each next call the only essential action is that a new element is 
added to L. Find a way to defer the addition of elements to N until needed. One method 
can be found in [21]. □ 

5.13 Show that if an infinite set is WHILE enumerable, then it is WHILE enumerable 

without repetitions (i.e. the range of a one-to-one effective total function). □ 

5.14 Let ID be ordered as in Lemma 5.7.1. Show that an infinite set A can be enumer¬ 

ated in increasing order (i.e., is the range of a strictly increasing function) if and only if 
it is decidable. □ 

5.15 Show that a set A ^ 0 is decidable if it is 

• the range of a WHILE computable total monotonic function; or 

• the range of a WHILE computable total function greater than the identity. □ 

5.16 * Show that any infinite WHILE enumerable set must contain an infinite WHILE 

decidable subset. Hint: use the result of Exercise 5.14. □ 

5.17 Show that there exists a fixed program po such that determination of whether 
Jpo]] (d) terminates for a given d G B is undecidable. 
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6 Metaprogramming, Self-application, and 
Compiler Generation 


In this chapter we investigate some aspects of computability pertaining to running times , 
i.e. the number of steps that computations take. Two aspects are given special atten¬ 
tion: execution of metaprograms , i.e. compilers, interpreters, and specializes, and self¬ 
application , e.g. application of a program to itself, and in particular a specializer. 

The main purpose of this chapter is not to prove new results in computability theory 
(although the Futamura projections may be new to some theorists.) Rather, our main 
aim is to link the perhaps dry framework and results of this book's material through 
Chapter 5 to daily computing practice. 

This involves relating the time usage of compilation and interpretation; the deleterious 
effects of multiple levels of interpretation; the use of “bootstrapping” (a form of self¬ 
application) in compiling practice to gain flexibility and speed. Last but not least, the 
Futamura projections show how, using a specializer and an interpreter, one may compile , 
generate compilers , and even generate a compiler generator , again by self-application. 
Interestingly, the Futamura projections work well in practice as well as in theory, though 
their practical application is not the subject of this book (see [89].) 

Section 6.1 first introduces running times into the notion of a programming language 
arriving at a timed programming language. Section 6.2 is concerned with with inter¬ 
pretation. Section 6.3 describes self-application of compilers, and Section 6.4 introduces 
partial evaluation , the well-developed practice of using program specialization for auto¬ 
matic program optimization. Section 6.5 shows how it can be applied to compiling and 
compiler generation, and discusses some efficiency issues, showing that self-application 
can actually lead to speedups rather than slowdowns. 

The final two Sections (which readers focused more on theoretical issues may wish 
to skip) include 6.6 on pragmatically desirable properties of a specializer for practical 
applications; and Section 6.7, which sketches an offline algorithm for partial evaluation. 

6.1 Timed programming languages 

Definition 6.1.1 A timed programming language L consists of 

1. Two sets, L— programs and L —data; 
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2. A function [[•]] L : L —programs —» (L —data—* L—data±); and 

3. A function time L : L— programs — »(L— data^ IN±) such that for any p G L— programs 
and d G L —data, [[pJ L (d) = _L iff time £(d) = _L. 

The function in 2 is L’s semantic function , which associates with every p G L— programs 
a corresponding partial input-output function from L -data to L -data. The function in 3 
is L’s running time function which associates with every program and input the number 
of steps that computation of the program applied to the input takes. □ 

Much more will be said about program running times in the Complexity Theory parts of 
this book. In this chapter we discuss time aspects of interpretation, specialization etc. 
only informally, relying on the reader’s experience and intuition. 


6.2 Interpretation overhead 

In the first subsection we discuss overhead in practice, i.e. for existing interpreters, and 
the second subsection is concerned with self-application of interpreters. It will be seen 
that interpretation overhead can be substantial, and must be multiplied when one inter¬ 
preter is used to interpret another one. 

Section 6.4 will show how this overhead can be removed (automatically), provided 
one has an efficient program specializer. 

6.2.1 Interpretation overhead in practice 

In the present and the next subsection, we are concerned with interpreters in practice, 
and therefore address the question: how fast can an interpreter be, i.e. what are the lower 
bounds for the running time of practical interpreters. Suppose one has an S-interpreter 
int written in language L, i.e. 


int G 


S 

L 


In practice, assuming one has both an L-machine and an S-machine at one’s disposal, 
interpretation often turns out to be rather slower than direct execution of S-programs. 
If an S-machine is not available, a compiler from S to L is often to be preferred because 
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the running time of programs compiled into L (or a lower-level language) is faster than 
that of interpretively executed S-programs. 

In practice, a typical interpreter int’s running time on inputs p and d usually satisfies 
a relation 

a p • time p(d) < time\ nt (p.d) 

for all d. Here a p is a “constant” independent of d, but it may depend on the source 
program p. Often a p = c+/(p), where constant c represents the time taken for “dispatch 
on syntax” and /(p) represents the time for variable access. In experiments c is often 
around 10 for simple interpreters run on small source programs, and larger for more 
sophisticated interpreters. Clever use of data structures such as hash tables, binary 
trees, etc. can make a p grow slowly as a function of p’s size. 

6.2.2 Compiling (usually) gives faster execution than 

interpretation 

If the purpose is to execute S-programs, then it is nearly always better to compile than 
to interpret. One extreme: if S = L, then the identity is a correct compiling function 
and, letting q = [[comp]](p) = p, one has time^(d) = time^d): considerably faster than 
the above due to the absence of a p . Less trivially, even when S / L, execution of a 
compiled S-program is nearly always considerably faster than running the same program 
interpretively. 

6.2.3 Layers of interpretation 

Suppose a Lisp system (called L2) is processed interpretively by an interpreter written 
in Sun RISC machine code (call this LI). The machine code itself is processed by the 
central processor (call this LO) so two levels of interpretation are involved, as described 
in the interpreter diagram in Figure 6.1. 

The major problem with implementing languages interpretively is that the running 
time of the interpreted program is be multiplied by the overhead occurring in the inter¬ 
preter’s basic cycle. This cost, of one level of interpretation, may well be an acceptable 
price to pay in order to have a powerful, expressive language (this was the case with 
Lisp since its beginnings). On the other hand, if one uses several layers of interpreters, 
each new level of interpretation multiplies the time by a significant constant factor, so 
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L2 


Time Nested Interpreter 

Two interpretation levels consumption application 

Figure 6.1: Interpretation overhead. 

the total interpretive overhead may be excessive (also seen in practice). Compilation is 
clearly preferable to using several interpreters, each interpreting the next. 

Indeed, suppose now that we are given 

• An interpreter intj written in LO that implements language LI; and 

• An interpreter int^ written in LI that implements language L2. 

where LO, LI, and L2 all have pairing and concrete syntax, and all have the same data 
language. By definition of an interpreter, 

|]p2]] L2 (d) = [[int^]] L1 (p2.d) = [[intJ]] L0 (int^ . (p2.d)) 

One can expect that, for appropriate constants aoi? a i 2 and any Ll-program pi, L2- 
program p2 and data d, 



where <aoi><ai 2 are constants representing the overhead of the two interpreters (often 
sizable, as mentiond in the previous section). 

Consequently replacing pi in the first by intf and d by p2.d, and multiplying the 
second inequality by a 0 i we obtain: 
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aor time 11 2 ( p2.d) < time L0 1 (intf.(p2.d)) 

1 llu ^ 1XI U 



Thus aoi • 06 i 2 • time ^(d) < time L0 x (intf .(p2.d)), confirming the multiplication of inter- 

* int q 

pretive overheads. 


6.3 Compiler bootstrapping: an example of 

self-application 

The term “bootstrapping” comes from the phrase “to pull oneself up by one’s bootstraps” 
and refers to the use of compilers to compile themselves. The technique is widely used 
in practice, including industrial applications. Examples are numerous. We choose a 
common one, that of extending an existing compiler for language S to accept a larger 
language S', based on the following assumptions: 

1. The new language S' is a conservative extension of S. By definition this means that 
every S-program p is also an S'-program (so S-programs C S'-programs), and has 

Q/ 

the same semantics in both languages (so [[p]] s = Jp]p ). 

2. We have a compiler h E S-programs, from source language S to target language 
T available in source form. By definition of compiler, [[p]] s = [[[[h]] S (p)]] T for any 
S-program p. 

3. Further, we assume that we have an equivalent program t E T-programs available 
in target form, so Jh]] s = [[t] T . 

S —► T 

high-level compiler h E - - low-level compiler t E 

S 

Now h and t can be used to create a compiler from S' to T as follows: 

1. Rewrite the existing compiler h, extending it to make a compiler h' E S-programs 
for S', using only features already available in S: 
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high-level compiler h' £ 



This must be equivalent to h on the old source language S, so for all S-programs 

P) we have [[[[hf (p) f = ih'f (P) F- 

2. Now apply t to h' to obtain an S' compiler tl' in target language form: 


s' 


high-level compiler h' £ 


S' 


3 low-level compiler tl' 


low-level compiler t £ 


Now we have obtained the desired extended compiler tl' = [[t]] T (h'). It is easy to see 
that it is a target program equivalent to h', since: 


/TIT 


[til 


m T oo i 
m* oo i 

[hi s 


(substitution of equals) 

Since t and h are equivalent 
h compiles source program h' from S to T 


What happens if we continue this game? 


1. Use tl' to obtain an S' compiler t2' in target language form: 



2. Use 12' to obtain an S' compiler t3' in target language form: 



1 Note that this does not require h and h' to produce the same target code, just target code which 
will have identical effects when run. 
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Combining these runs, we get a compound diagram like those seen in [3]: 


h' | t3' i 






S' 

— 

T 


S' 

— 

T 

h 

/ -► 

S' 

— 

T 

S 

S' 

— 

T 

T 


S' 

— 

T 

s 

S' 

— 

T 

T 

t2' 


h' — 

S 

S 

— 

T 

T 

tl' 






t —► 

T 








These runs can be written more concisely as follows: 

tl' = [t] T (hO 

t2' = [tl'f (h') 

t3' = [t2'] T (hO 


Now tl' and t2' (and t3') are semantically equivalent since they are all obtained by 
correct compilers from the same source program, h': 



m T (ho r 
m* (to f 

m* (to r 

ffltF (to F (to F 
iti'F (tOF 

It2'F 


by definition of tl' 

Since t and h are equivalent 

since h' is a conservative extension of h 

since t is a compiler from S to T 

by definition of tl' 

by definition of t2' 


Note that tl' and t2' may not be textually identical, since they were produced by two 
different compilers, t and tl', and it is quite possible that the extended language S' may 
require different target code than S. 

However, one easily sees that t2' and t3' are textually identical since the compilers 
used to compile them are semantically equivalent: 

t2' = [tl'f (h') by definition of t2' 

= [[t2']] T (h') Since tl' and t2' are equivalent: [tl'J T = [[t2']] T 

= t3' by definition of t3' 


The difference between being semantical and syntactical identity of the produced com¬ 
pilers stems from the relationship between the compilers we start out with: t and h are 




94 Metaprogramming, Self-application, and Compiler Generation 


equivalent in the sense that given the same input program they produce syntactically the 
same output program. However h and h' are equivalent on S programs only in the sense 
that given the same program, the two output programs they produce are semantically 
equivalent (natural: when one revises a compiler, the old target code may need to be 

Note that bootstrapping involves self-application in the sense that (compiled versions 
of) h' are used to compile h' itself. Note also that self-application is useful in that it 
eases the tasks of transferring a compiler from one language to another, of extending a 
compiler, or of producing otherwise modified versions. 



6.4 Partial evaluation: efficient program 

specialization 


The goal of partial evaluation is to specialize general programs so as to generate efficient 
ones from them by completely automatic methods. On the whole, the general program 
will be more generic, and perhaps simpler but less efficient, than the specialized versions a 
partial evaluator produces. A telling catch phrase is binding-time engineering — making 
computation faster by changing the times at which subcomputations are done (see Figure 

3.4). 

The program specializer of Section 5.2 is very simple, and the programs it ouputs 
are slightly slower than the ones from which they were derived. On the other hand, 
program specialization can be done much less trivivally, so as to yield efficient specialized 
programs. This is known as partial evaluation , a field at the borderline between in 
programming language theory and practice. 

Consider, for instance, the following program, which reads a pair of numerals and 
returns the product. Data is assumed in “base 1” notation, addition is done by repeatedly 
adding 1 (succ below), and multiplication by repeated addition. 
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read XY; 

c* 

Input is a pair XY = (x.y) 

*) 

X := hd XY; 

c* 

Unary notation: X = nil 1 

*) 

Y := tl XY; 




P := 0; 

c* 

P will be the product 

*) 

while Y do 

c* 

Add X to P for Y times 

*) 

Y := pred Y; 




T := X; 




while T do 

c* 

Add 1 to P for X times 

*) 


T := pred T; 
P := succ P; 
write P; 


Suppose that we want to specialize this program so that X is 3 = nil 3 . Then we could 
get the following program: 

read Y; 

P := 0; 
while Y do 
Y := pred Y; 

P := succ P; 

P := succ P; 

P := succ P; 
write P; 

Rather than calling the first program with arguments of form (3.d) it is clearly better 
to use the second, more efficient program. A typical partial evaluator, i.e. specializer, 
will be capable of transforming the former into the latter. 


6.4.1 A slightly more complex example: Ackermann’s function 

Consider Ackermann’s function, with program: 

a(m,n) = if m =? 0 then n+1 else 

if n =? 0 then a(m-l,l) 
else a(m-l,a(m,n-l)) 

Computing a(2,n) involves recursive evaluations of a(m,n) for m = 0, 1 and 2, and 
various values of n. A partial evaluator can evaluate expressions m=?0 and m-1, and 
function calls of form a (m-1 , . . .) can be unfolded. We can now specialize function a to 
the values of m, yielding a less general program that is about twice as fast: 

a2(n) = if n =? 0 then 3 else al(a2(n-l)) 
al(n) = if n =? 0 then 2 else al(n-l)+l 
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6.5 Compiling and compiler generation by 

specialization 


This section shows the sometimes surprising capabilities of partial evaluation for gener¬ 
ating program generators. We will see that it is possible to use program specialization 
to compile, if given an interpreter and a source program in the interpreted language; to 
convert an interpreter into a compiler: 



by specializing the specializer itself; and even to generate a compiler generator. This is 
interesting for several practical reasons: 

• Interpreters are usually smaller, easier to understand, and easier to debug than 
compilers. 

• An interpreter is a (low-level form of) operational semantics, and so can serve as 
a definition of a programming language, assuming the semantics of L is solidly 
understood. 

• The question of compiler correctness is completely avoided, since the compiler will 
always be faithful to the interpreter from which it was generated. 

The results are called the Futamura projections since they were discovered by Yoshihiko 
Futamura in 1971 [48]. We consider for simplicity only specialization without change 
in data representation. That is, we assume that all the languages below have concrete 
syntax and pairing, and that all the data languages are the same. Suppose we are given 

• a specializer spec from L to T written in an implementation language Imp. 

• an interpreter int for S-programs which is written in language L; and 

• an arbitrary S-program source. 

6.5.1 The first Futamura projection 

The following shows that given an L to T-specializer, an S interpreter written in L, and an 
S-program source, one can get a T program target equivalent to source. Concretely: 

target = Jspec]] Imp ( int. source) 
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is a T-program equivalent to S-program source, i.e. that one can compile by partial 
evaluation. (This is a solution of Exercise 3.1.) 

This equation is often called the first Futamura projection [48], and can be verified 
as follows, where in and out are the input and output data of source. 


out 




Assumption 

Definition 3.4.1 of an interpreter 
Definition 3.6.1 of a specializer 
Definition of target 


In other words, one can compile a new language S to the output language of the special¬ 
izer, provided that an interpreter for S is given in the input language of the specializer. 
Assuming the partial evaluator is correct, this always yields target programs that are 
correct with respect to the interpreter. This approach has proven its value in practice. 
See [11, 90, 89] for some concrete speedup factors (often between 3 and 10 times faster). 

A common special case used by the Lisp and Prolog communities is that Imp = T = L, 
so one can compile from a new language S to L by writing an S-interpreter in L. 


Speedups from specialization As mentioned before, compiled programs nearly al¬ 
ways run faster than interpreted ones, and the same holds for programs output by the 
first Futamura projection. To give a more complete picture, though, we need to discuss 
two sets of running times: 


1. Interpretation versus execution: 



2. Interpretation versus specialization plus execution: 


£zrae int (p.d) versus time svec 



If program p is to be run just once, then comparison 2 is the most fair, since it accounts 
for what amounts to a form of “compile time.” If, however, the specialized program 
intp is to be run often (e.g. as in typical compilation situations), then comparison 1 is 
more fair since the savings gained by running int p instead of int will, in the long term, 
outweigh specialization time, even if int p is only a small amount faster than int. 
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6.5.2 


Compiler generation by the second Futamura projection 


The second equation shows that one can generate an S to T compiler written in T, provided 
that an S-interpreter in L is given and Imp = L: the specializer is written in its own input 
language. Concretely, we see that 

compiler = [spec]] L (spec.int) 


is a stand-alone compiler: an L-program which, when applied to a single input source, 
yields target. It is thus a compiler from S to L, written in L. Verification is straightfor¬ 
ward as follows: 


target 


[[spec]] L (int.source) First Futamura projection 

[[[[spec]] L (spec.int)]] T (source) Definition 3.6.1 of a specializer 

T 

[[compiler]] (source) Definition of comp 


Equation compiler = [[specJ L (spec.int) is called the second Futamura projection. The 
compiler generates specialized versions of interpreter int. Operationally, constructing a 
compiler this way is hard to understand because it involves self-application — using spec 
to specialize itself. But it gives good results in practice, and faster compilation than by 
the first Futamura projection. 


6.5.3 Compiler generator generation by the third Futamura 

projection 

Finally, we show (again assuming Imp = L) that 
cogen = [spec]] L (spec.spec) 


is a compiler generator : a program that transforms interpreters into compilers. Verifica¬ 
tion is again straightforward: 


compiler 



Second Futamura projection 
Definition 3.6.1 of a specializer 
Definition of compiler 


The compilers so produced are versions of spec itself, specialized to various interpreters. 
This projection is even harder to understand intuitively than the second, but also gives 
good results in practice. 
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The following more general equation, also easily verified from Definition 3.6.1, sums 
up the essential property of cogen (we omit language L for simplicity): 

[pj(s.d) = [[[spec]] (p.s) ]]d = ... = [[[cogen]] p j s } d 

Further, cogen can produce itself as output (Exercise 6.9.) 

While the verifications above by equational reasoning are straightforward, it is far 
from clear what their pragmatic consequences are. Answers to these questions form the 
bulk of the book [89]. 

6.5.4 Speedups from self-application 

A variety of partial evaluators generating efficient specialized programs have been con¬ 
structed. Easy equational reasoning from the definitions of specializer, interpreter, and 
compiler reveals that program execution, compilation, compiler generation, and compiler 
generator generation can each be done in two different ways: 

out = [[int]] (source. input) 

target = [[spec]] (int. source) 

compiler = [[spec]] (spec . int) 

cogen = [[spec]] (spec. spec) 

The exact timings vary according to the design of spec and int, and with the implemen¬ 
tation language L. We have often observed in practical computer experiments [90, 89] 
that each equation’s rightmost run is about 10 times faster than the leftmost Moral: 
self-application can generate programs that run faster! 

6.5.5 Metaprogramming without order-of-magnitude loss of 

efficiency 

The right side of Figure 6.2 illustrates graphically that partial evaluation can substan¬ 
tially reduce the cost of the multiple levels of interpretation mentioned in Section 6.2.3. 

A literal interpretation of Figure 6.2 would involve writing two partial evaluators, 
one for LI and one for LO. Fortunately there is an alternative approach using only one 
partial evaluator, for LO. For concreteness let p2 be an L2-program, and let in, out be 
representative input and output data. Then 


[[target]] (input) 
[[compiler]] (source) 
[cogen]] (int) 
[cogen]](spec) 
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Figure 6.2: Overhead introduction and elimination. 


out = [[intJJ L0 (int^. (p2.in) 

One may construct an interpreter for L2 written in LO as follows: 

intQ := [[specJ L0 (intQ.int|) satisfying 
out = JintQ]] L0 (p2.in) 

By partial evaluation of into, an y L2-programs can be compiled to an equivalent LO-pro¬ 
gram. Better still, one may construct a compiler from L2 into LO by 

compo := cogen LO (into) 

The net effect is that metaprogramming may be used without order-of-magnitude loss 
of efficiency. The development above, though conceptually complex, has actually been 
realized in practice by partial evaluation, and yields substantial efficiency gains. 


6.6 Desirable properties of a specializer 

Totality 

It is clearly desirable that specialization function [[spec]] is total, so every program p and 
partial input s leads to a defined output p s = [[spec]](p. s). 
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Computational completeness 

The significant speedups seen in the examples above naturally lead to another demand: 
that given program p and partial data s, all of p’s computations that depend only on its 
partial input s will be performed. 

Unfortunately this is in conflict with the desire that [[spec]] be total. Suppose, for 
example, that program p’s computations are independent of its second input d, and that 
[[p]] is a partial function. Then computational completeness would require [spec]] (p. s) to 
do all of p’a computation on s, so it would also fail to terminate whenever [p]](s.d) = _L. 
This is a problem, since nobody likes compilers or other program transformers that 
sometimes loop infinitely! 

A typical example which is difficult to specialize nontrivially without having the 
specializer fail to terminate is indicated by the program fragment 

if complex-but-always-true-condition-with-unavailable-input-d 
then X := nil 

else while true do S := cons S S; 

One cannot reasonably expect the specializer to determine whether the condition will al¬ 
ways be true. A specializer aiming at computational completeness and so less trivial than 
that of Section 5.2 will likely attempt to specialize both branches of the if statement, 
leading to nontermination at specialization time. 

A tempting way out is to allow p s to be less completely specialized in the case that 
[[p]](s.d) = _L, e.g. to produce a trivial specialization as in Section 5.2. This is, however, 
impossible in full generality, as it would require solving the halting problem. 

Some practical specializers make use of run-time nontermination checks that monitor 
the static computations as they are being performed, and force a less thorough special¬ 
ization whenever there seems to be a risk of nontermination. Such strategies, if capable 
of detecting all nontermination, must necessarily be overly conservative in some cases; 
for if perfect, they would have solved the halting problem. 


Optimality 

It is desirable that the specializer be “optimal” when used for compiling, meaning that 
spec removes all interpretational overhead. This can be made somewhat more precise, 
given a self-interpreter sint: 
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sint G 


L 

L 


By definition of interpreter and specialization (or by the first Futamura projection), for 
every d G ID 

M( d ) = [sintp] (d) 

where sint p = [[spec](sint .p). Thus program sint p is semantically equivalent to p. 
One could reasonably say that the specializer has removed all interpretational overhead 
in case sint p is at least as efficient as p. We elevate this into a definition: 

Definition 6.6.1 Program specializer spec is optimal for a self-interpreter sint in case 
for every program p and data d, if sint p = [spec] (sint .p) then 

ftrae sintp (d) < time p (d) 

This definition of “optimality” has proven itself very useful in constructing practical 
evaluators [89]. For several of these, the specialized program sint p is identical up to 
variable renaming to the source program p. Further, achieving optimality in this sense has 
shown itself to be an excellent stepping stone toward achieving successful and satisfactory 
compiler generation by self-application. 

An open problem. Unfortunately there is a fly in the ointment. The condition just 
proposed is a definition relative to one particular self-interpreter sint. It could therefore 
be “cheated,” by letting spec have the following structure: 

read Program, S; 
if Program = sint 
then Result := S 

else Result := the trivial specialization of Program to S; 
write Result 

On the other hand, it would be too much to demand that spec yield optimal spe¬ 
cializations of all possible self-interpreters. Conclusion: the concept of “optimality” is 
pragmatically a good one, but one which mathematically speaking is unsatisfactory. This 
problem has not been resolved at the time of writing, and so could be a research topic 
for a reader of this book. 
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Figure 6.3: Specialization of a Program for Ackermann’s Function. 


6.7 How specialization can be done 

Suppose program p expects input (s.d) and we know what s but not d will be. Intu¬ 
itively, specialization is done by performing those of p's calculations that depend only on 
s, and by generating code for those calculations that depend on the as yet unavailable 
input d. A partial evaluator thus performs a mixture of execution and code generation 
actions — the reason Ershov called the process “mixed computation” [45], hence the 
generically used name mix for a partial evaluator (called spec in Chapter 3). Its output 
is often called the residual program , the term indicating that it is comprised of operations 
that could not be performed during specialization. 

For a simple but illustrative example, we will show how Ackermann’s function (seen 
earlier in Section 6.4.1) can automatically be specialized to various values of its first 
parameter. Ackermann’s function is useless for practical computation, but an excellent 
vehicle to illustrate the main partial evaluation techniques quite simply. An example is 
seen in Figure 6.3. (The underlines should be ignored for now.) Note that the specialized 
program uses less than half as many arithmetic operations as the original. 

Computing a(2,n) involves recursive evaluations of a(m,n) for m = 0, 1 and 2, and 
various values of n. The partial evaluator can evaluate expressions m=0 and m-1 for the 
needed values of m, and function calls of form a (m-1, . . .) can be unfolded (i.e. replaced 
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by the right side of the recursive definition above, after the appropriate substitutions). 

More generally, three main partial evaluation techniques are well known from program 
transformation: symbolic computation , unfolding function calls , and program point spe¬ 
cialization. Program point specialization was used in the Ackermann example to create 
specialized versions aO, al, a2 of the function a. 

On-line and Off-line Specialization. Figure 6.3 illustrates off-line specialization, 
an approach that makes use of program annotations , indicated there by underlines. The 
alternative is called on-line specialization: computing program parts as early as possible, 
taking decisions “on the fly” using only (and all) available information. 

These methods sometimes work better than off-line methods. Program p 2 in Figure 
6.3 is a clear improvement over the unspecialized program, but can obviously be improved 
even more; a few online reductions will give: 

a2(n) = if n=0 then 3 else al(a2(n-l)) 
al(n) = if n=0 then 2 else al(n-l)+l 

In particular, on-line methods often work well on structured data that is partially static 
and partially dynamic. On the other hand they introduce new problems and the need 
for new techniques concerning termination of specializers. For a deeper discussion of the 
merits of each approach, see [89]. 

6.7.1 Annotated programs and a sketch of an off-line partial 

evaluator 

The interpretation of the underlines in Figure 6.3 is extremely simple: 

1. Evaluate all non-underlined expressions; 

2. generate residual code for all underlined expressions; 

3. unfold at specialization time all non-underlined function calls; and 

4. generate residual function calls for all underlined function calls. 

Sketch of an off-line partial evaluator. We assume given: 


1. A first-order functional program p of form 
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fl(s,d) = expressionl (* resp. static & dynamic inputs *) 
g(u,v,...) = expression2 
• • • 

h(r,s,...) = expressionm 

2. Annotations that mark every function parameter, operation, test, and function 
call as either eliminable : to be performed/computed/unfolded during specialization, 
or residual, generate program text to appear in the specialized program. 

In particular the parameters of any definition of a function f can be partitioned into 
those which are static and the rest, which are dynamic. For instance m is static and n is 
dynamic in the Ackermann example. 

The specialized program will have the same form as the original, but it will consist 
of definitions of specialized functions gstatvaiues (program points), each corresponding to 
a pair (g, statvalues) where g is defined in the original program and statvalues is 
a tuple consisting of some values for all the static parameters of g. The parameters of 
function gstatvaiues in the specialized will be the remaining, dynamic, parameters of g. 

A specialization algorithm 

Assumptions: 

1. The input program p is as above, with defining function given by fl(s,d) = 
expressionl, and static s and dynamic d. 

2. Every part of p is annotated as eliminable (no underlines) or residual (underlined). 

3. The value of s is given. 

In the following, variables Seenbefore and Pending both range over sets of specialized 
functions gstatvaiues- Variable Target will always be a list of (residual) function defini¬ 
tions. 

1. Read Program and S. (Program p and static input value s.) 

2. Pending := {fIs} 5 Seenbefore := {}; 

3. While Pending is nonempty do the following: 

4. Choose and remove a pair gstatvaiues from Pending, and add it so Seenbefore if 
not already there. 

5. Find g’s definition g(xl ,x2,... ) = g-expression. 

6. • Let D1, . . . ,Dm be its subset of dynamic parameters. 
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• Let si,... ,s n = st at values be its list of current static parameter values. 

7. Generate and append to Target the definition 

Sstatvaiues (01 > • • • >Dm) — Reduce(^E ^, 

where E is the result of substituting s* in place of each static g-parameter xi 
occurring in g-expression, and Reduce simplifies the result E. 

Given the list statvalues of values of all of g’s static parameters, reduction of an ex¬ 
pression E to its residual equivalent RE = Reduce{ E) is defined as follows: 

1. If E is constant or a dynamic parameter of g, then RE = E. 

2. If E is a static parameter of g then then RE = its value, extracted from the list 
statvalues. 

3. If E is not underlined and of form operator (El, . . . , En) then compute the values 
vi ,... ,v n of Reduce(El ),... ,Reduce( En). (These must be totally computable from 
g’s static parameter values, else the annotation is in error.) Then set 

RE = the value of operator applied to ... ,v n . 

4. If E is operator (El,... ,En) then compute El' = Reduce^ El), ..., En' = Reduce (En). 

RE = the expression “operator(El', . . . , En').” 

5. If E is not underlined and of form if E0 then El else E2 then compute 
Reduce(E0). This must be constant, else the annotation is in error. If Reduce^ E0) 
equals true, then RE = Reduce{ El), otherwise RE = Reduce^ E2). 

6. If E is if EOthen El else E2 and each Ei' equals Reduce (Ei), then 

RE = the expression “if E0' then El' else E2'” 

7. Suppose E is f (El, E2, . . . ,En) and Program contains definition 

f(xl ... xn) = f-expression 

Since E is not underlined, the call is to be unfolded. Then RE = Reduce{ E'), where 
E' is the result of substituting Reduce^ Ei) in place of each static f-parameter xi 
occurring in f-expression. 

8. If E is f (E1,E2,... ,En), then 
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(a) Compute the tuple st at value s' of the static parameters of f, by calling 
Reduce on each. This will be a tuple of constant values (if not, the anno¬ 
tation is incorrect.) 

(b) Compute the tuple Dynvalues of the dynamic parameters of f, by calling 
Reduce ; this will be a list of expressions. 

(c) Then RE = the call “f statvalues /(Dynvalues). 55 

(d) A side-effect: if f statvaiues' is neither in Seenbef ore nor in Pending, then add 
it to Pending. 


6.7.2 Congruence, binding-time analysis, and finiteness 


Where do the annotations used by the algorithm above come from? Their primal source 
is knowledge of which inputs will be known when the program is specialized, for example 
m but not n in the Ackermann example. There are two further requirements for the 
algorithm above to succeed. 

First, the internal parts of the program must be properly annotated (witness com¬ 
ments such as “if .. .the annotation is incorrect”). The point is that if any parameter 
or operation has been marked as eliminable, then one needs a guarantee that it actually 
will be so when specialization is carried out, for any possible static program inputs. For 
example, an if marked as eliminable must have a test part that always evaluates to a 
constant. This requirement (properly formalized) is called the congruence condition in 


[89]. 

The second condition is termination : regardless of what the values of the static inputs 
are, the specializer should neither attempt to produce infinitely many residual functions, 
nor an infinitely large residual expression. 

It is the task of binding-time analysis to ensure that these conditions are satisfied. 
Given an unmarked program together with a division of its inputs into static (will be 
known when specialization begins) and dynamic, the binding-time analyzer proceeds to 
annotate the whole program. Several techniques for this are described in [89]. The 
problem is complex for the following reason: 


1. A specializer must account for all possible runtime actions, but only knows the 
value of static data. It thus accounts for consequences one step into the future. 

2. A binding-time analyzer must account for all possible runtime actions, but only 
knows which input values will be static , but not what their values are. It thus 
accounts for computational consequences two steps into the future. 




108 Metaprogramming, Self-application, and Compiler Generation 


The current state of the art is that congruence is definitely achieved, whereas binding- 
time analyses that guarantee termination are only beginning to be constructed. 


Exercises 


6.1 Section 6.3 assumed one already had compilers for language S available in both source 
form h and target form t. In practice, however, writing target code is both involved and 
error-prone, so it would be strongly preferable only to write h, and the by some form of 
bootstrapping obtain t satisfying [[h]] s = [[t] T . 

Explain how this can be done, assuming one only has a compiler for language S 
available in source form h. Start by writing an interpreter int for S in some existing and 
convenient executable language L. □ 

6.2 Find another way to accomplish the same purpose. □ 

6.3 Another practical problem amenable to bootstrapping is that of cross-compiling : 
given a compiler h from S to T written in S, and an executable target version t in an 
available target language T, the problem is to obtain an executable target version tl in 
a new target language Tl. 

Explain how this can be done. One way is, as a first step, to modify the “code 
generation" parts of h to obtain compiler hi from S to Tl. □ 


6.4 Find another way to accomplish the same purpose. 



6.5 Explain informally the results claimed in Section 6.5.4, e.g. why compilation 

T 

by target = [[compiler]] (source) should be faster than compilation by target = 
Jspec]] L (int.source). □ 


6.6 Prove that Jp]] (s.d) = [[[[[cogenj (p) ]] (s) } (d) □ 

6.7 * Apply the algorithm sketched in Section 6.7.1 to the program of Figure 6.3 with 

static input m = 2. □ 


6.8 Find an appropriate set of annotations (underlines) for the multiplication program 
specialized In Section 6.4. □ 


6.9 Prove that cogen = [[cogen]] (spec) . 


n 
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7 Other Sequential Models of 
Computation 


We now define some new machine models that differ more or less radically in their 
architectures from WHILE. Section 7.1 describes some comon features of these models, 
and Sections 7.2-7. 5 presents the details of each. New models include: 

• GOTO, a model similar to WHILE but with jumps instead of structured loops; 

• TM, the Turing machines originating in Turing’s 1936 paper; 

• RAM, the random access machines , a model of computer machine languages. 

• CM, the counter machines , a simple model useful for undecidability proofs. 

Remark to the reader. This chapter and Chapter 8 introduce a series of new compu¬ 
tational models based, loosely speaking, on new architectures; and Chapter 9 introduces 
two models based on languages: one for first-order data, and the other, the lambda 
calculus, allowing arbitrary functions as values. 

The net effect and goal of these three chapters is to provide evidence for the Church- 
Turing thesis: that all computation models are equivalent. The means by which the 
goal is achieved involve defining the several new machine types (input-output data sets, 
computational states, computations, etc.); defining codings between their various data 
types; and showing how machines or programs of the one sort can simulate ones of the 
other sorts. Some of these constructions will be revisited later when arguing for the 
robustness of, for example, polynomially time-bounded computations. 

Some readers, already convinced of this, may wish to skip forward to Chapter 10, on 
natural undecidable problems. For their sake we point out two facts used several places 
later in the book: 

• Counter machines, with just two counters and instructions to increment or decre¬ 
ment either by 1, or test either for zero, are a universal computing model any 
computable function can, modulo some data encoding, be computed by some two- 
counter program. (Theorem 8.7.2.) 

• Further, the GOTO language, whose programs are essentially “flow chart” equiv¬ 
alents to WHILE programs, are also a universal computing model. Some future 
constructions will be based on this representation. 


Ill 
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7.1 Common characteristics of GOTO, TM, RAM, CM 

7.1.1 Data: trees built from one atom nil, strings built from 

two symbols 0, 1 

We assume without loss of generality that TM -data = {0,1}*, since a Turing machine with 
a larger tape alphabet can be simulated with at most linear loss of time, by one that 
works on symbols encoded as strings in {0,1 }* by encoding each symbol in an /c-symbol 
alphabet as a block of [log A:] bits. 

Our presentation of Turing machines is nonclassical because it has a programmed 
control and a fixed tape alphabet {0,1}. A later section on the “speedup theorem” will 
use the classical model, defined in Section 7.6. 

7.1.2 Control structures 

Each of the computational models GOTO, TM, RAM, and CM has an imperative control 
structure, expressible by a program which is a finite sequence of instructions: p = 

11 1 2 • • • I m- Sometimes this will be written with explicit labels: p = 1: I* 2: 

1 2 • • • m: I m m+1: . The exact form of each instruction Ig will be different for the 

various machine types. At any point in its computation, the program will be in a state 
of form 

s = (£, <r ) where f G {1,2,... ,m,m + 1} is a program label and 

o is a store whose form will vary from model to model 

A terminal state has label ^ = m+1, indicating that the computation has terminated. 

To describe computations we use the common judgment forms: 

Judgment form: Read as: 

[[p]] (x) = y y is the output from running program p on input x 

p b s —> s' Program p transits from state s to state s' in one step 

p b s —>* s' Program p transits from state s to state s' in 0, 1, or more steps 

Repeated control transitions p b s — s' may be defined in terms of one-step transitions 
as follows, for any stores s, s', s": 

phs —>* s 

phs+ s' if p b 5 -> s" and p h s" ->* s' 
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In any one run, the store will be initialized according to the program input, and the 
program’s computed result will be read out from the final store. Details differ from 
machine to machine, so we assume given functions of the following types, to be specified 
later for each model: 

Readin : L -data —» L -store 
Readout: L-store —» L -data 

Finally, we can define the effect of running program p on input x by: [[p]](x) = y if 

1. (Jo = Readin(x) 

2. p b (1,(To) (ra+ 1,cr), 1 and 

3. y = Readout(a) 

7.2 A flowchart language GOTO 

Definition 7.2.1 First, GOTO -data = ID as in Definition 9.1.1. Let Vars be a countable 
set of variables. We use the conventions d, e E D and X,Y,Z E Vars. Then GOTO -prog 
= the set of imperative programs as in Section 7.1, where informal syntax of a GOTO 
instruction is given by the following grammar: 

I ::= X := nil | X := Y | X := hd Y | X := tl Y 
I X := cons Y Z | if X goto f else t! 

Labels t in if statements must be between 1 and m+ 1. 

The test =? has been omitted since, by Section 2.3, general equality can be expressed 
using atomic equality; and there is only one atom nil, which can be tested for using the 
if instruction. □ 

Note that every expression has at most one operator, and tests must use variables rather 
than expressions. The intuitive semantics of GOTO-programs is as follows. Execution 
begins with instruction Ii. Assignments are executed as in WHILE. A statement if X 
goto £ else £' is executed in the obvious way: if the value of X is not nil then execution 
proceeds with instruction 1^, and otherwise instruction instruction 1^ is executed. 

Here is a version of the reverse program in GOTO, where instructions goto f and if 
X goto i abbreviate the obvious special cases of if X goto £ else £'. The input will 
be read into X and the output will be written from X. 


^^Here (m + l,er) is a terminal state. 
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1: Y := nil; 

2: if X goto 4; 

3: goto 8; 

4: Z := hd X; 

5: Y := cons Z Y; 

6: X := tl X; 

7: goto 2; 

8: X:= Y 

Note how the combination of if and goto simulates the effect of while. 

Definition 7.2.2 Consider a program p = Ii ... I rn . Let Vars(p)= {X,Z1. . . ,Zn} 
be the set of all variables in p, and let X be a distinguished input-output variable. 

1. A store for p is a function from Vars(p) to ID. A state for p is a pair (£,(t) where 
1 < i < m + 1 and a is a store for p. 

2. Reading d) = [X f—» d, Z1 nil,... Zn i—>• nil . 

3. Readout(a) = <r(X). 

4. The one-step transition rules for GOTO appear in Figure 7.1. □ 
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Figure 7.1: One-step transition rules for GOTO -programs. 


7.3 The Turing machine TM 

This model is a direct formalization of Turing’s analysis of computational processes, using 
a sequence of instructions for control. 
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First, TM -data = {0,1}*, so an input is a bit string. A Turing machine has one 
or more tapes. Each tape is a two-way infinite sequence of squares , where a square 
contains a symbol from a finite tape alphabet A including the “blank symbol” B. During 
a computation the square’s contents may be tested or overwritten. At any time during 
a computation there will only be finitely many nonblank symbols on any tape. 

In the literature the tape alphabet can sometimes be arbitrarily large, but we use 
{0,1,B} for simplicity and because it only makes small constant changes in running 
times: the same reasons for restricting the GOTO language to the one atom nil. 

In a computational total state at some moment, each of the machine’s read/write 
heads is scanning one “current” square on each tape, and it is about to perform one of 
its program instructions. This directs the machine to do one of the following for one of 
the tapes: write a new symbol on the tape, replacing the previous scanned tape square’s 
contents; move its read/write head one square to the left or to the right; or compare the 
contents of its scanned square against a fixed symbol and then transfer control to one 
instruction if it matches, and to another instruction if not. 



Tape 1 (input) 


Tape 2 (initially blank) 


Tape k (initially blank) 


Figure 7.2: A multitape Turing machine. 


The following grammar describes TM -prog by giving the syntax of both instructions and 
data. Subscript j, 1 < j < /c, indicates which tape is involved. For one-tape Turing 
machines the subscript will be omitted. 
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I : 

Instruction : 

: rightj left., 

S,S' : 

Symbol : 

0 | 1 | B 

L,R: 

String : 

: S String e 

a : 

Tapes : 

: Tape fc 


Tape : 

L S R 


writer S 


if j S goto f else (! 


(<e is the empty string) 


A store o is a /c-tuple of two-way conceptually infinite tapes. The tapes must be repre¬ 
sented finitely in order to define the transition rules. One way is to include all nonblank 
symbols, so a full tape is obtained by appending infinitely many blanks to each end of a 
finite tape representation. A full storage state consists of a store in which the scanned 
symbol will be underlined. Thus we define 


TM -store = { (LiS 1 Ri,...,LfcS fc Rfc) | L 2 , S*, R* as above } 

Here the underlines mark the scanned symbols S*, and and are (perhaps empty) 
strings of symbols. 

Inputs and outputs are strings in TM -data = {0,1}*, are found on the first tape, 
and consist of all symbols to the right of the scanned symbol, extending up to but not 
including the first blank. The store initialization and result readout functions are defined 
as follows: 

Reading) = (Bx, B,... ,B) Start just left of input 

Readout^ LiS 1 Ri,L 2 S 2 R 2 ,• • • ,LfcS fc Rfc) = Pfx( Ri) Tape 1, right to first B 


where 


Pfx(K) = 


£ if R = e or if R begins with B 

S Pfx( R') if R = SR' and S = 0 or 1 


Finally, the effect of a one-tape Turing machine one-step transition is defined as in Figure 
7.3, where is the instruction about to be executed and S,S' G {0,1,B} are tape symbols. 
Extension to multiple tapes is straightforward but notationally tedious, and so is omitted. 


7.4 The counter machine CM 

A counter machine program has as storage a finite number of counters (also called reg¬ 
isters or cells) X0, XI, X2,..., each holding a natural number. Thus CM-data = IN. 

Program instructions allow testing a counter for zero, or incrementing or decrementing 
a counter's contents by 1 (where by definition 0 — 1 = 0 and (x-\-l) — l = x for x G TV). All 
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Figure 7.3: Turing machine one-step transition rules. 


counter contents are initially zero except for the input. The following grammar describes 
the CM instruction syntax and so defines CM -prog. 



Xi := Xi + 1 



if Xi=0 goto I else (! 


(Sometimes the dot will be omitted from —.) Additional computable instructions could 
be added, e.g. Xi := 0, Xi := Xj, if Xi = 0 goto £, or goto I. Such extensions are, 
however, unnecessary in principle since they are special cases of or can be simulated using 
the instruction set above. 

A store cr is a function in 


CM -store 


{ 


a 


a : IN -> IN} 


where a(i) is the current contents of counter Xi for any i G IN. The store initialization 
and result readout functions are defined as follows: 

Readin(x) = [0 i—^ rc, 1 1 —^ 0,2 i—> 0,...] Input in counter 0 

Readout(a) = cr(0) Output from counter 0 

Any one program can only reference a fixed set of counters. Thus for any store a used to 
execute it, <j(i) = 0 will hold for all but a fixed finite set of indices. Finally, the counter 
machine one-step transition rules are defined as in Figure 7.4. 


7.5 The random access machine RAM 

This machine is an extension of the counter machine which more closely resembles current 
machine languages. It has a number of storage registers containing natural numbers (zero 
if uninitialized), and a much richer instruction set than the counter machine. The exact 
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Figure 7.4: Counter machine one-step transition rules. 


Register 0 
Register 1 
Register 2 


Register i 


Figure 7.5: Picture of a random access machine. 

range of instructions allowed differ from one application to another, but nearly always 
includes 

1. Copying one register into another. 

2. Indirect addressing or indexing. This allows a register whose number has been 
computed to be fetched from or stored into. 

3. Elementary operations on one or more registers, for example adding or subtracting 
1, and comparison with zero. 

4. Other operations on one or more registers, for example addition, subtraction, multi¬ 
plication, division, shifiting, or bitwise Boolean operations (where register contents 
are regarded as binary numbers, i.e. bit sequences). 

The successor random access machine , SRAM, has only instruction types 1, 2, 3 above. 
General RAM operations vary within the literature. Although rather realistic in some 
aspects, the SRAM is, nonetheless, an idealized model with respect to actual machine 
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codes. One reason is that there is no built-in limit to word size or memory address 
space: it has a potentially infinite number of storage registers, and each may contain 
an arbitrarily large natural number. Even though any one program can only address 
a constant number of storage registers directly, indirect addressing allows unboundedly 
many other registers to be accessed. 

The following grammar describes the SRAM instruction syntax. 

I ::= Xi := Xi + 1 | Xi : = Xi - 1 | if Xi=0 goto £ else £' 

Xi := Xj | Xi := <Xj> | <Xi> := Xj 

While this machine resembles the counter machine, it is more powerful in that it allows 
programs to fetch values from and store them into cells with computed addresses. The 
intuitive meaning of Xi := <Xj> is an indirect fetch : register Xj’s contents is some 
number n; and that the contents of register Xn are to be copied into register Xi. Similarly, 
the effect of <Xi> := Xj is an indirect store : register Xi’s contents is some number m\ 
and the contents of register Xj are to be copied into register Xm. 

This version is nearly minimal, but will suffice for our purposes. More general RAM 
models seen in the literature often have larger instruction sets including addition, mul¬ 
tiplication, or even all functions computed by finite-state automata with output, op¬ 
erating on their argments’ binary representations. We will argue that such extensions 
do not increase the class of computable functions. They can, however, affect the class 
of polynomial-time solvable problems, as the more powerful instructions can allow con¬ 
structing extremely large values within unrealistically small time bounds. 

The RAM storage has the form 

SRAM -store = { a \ a : IN —► IN} 
where a(j) is the current contents of register Xj. Further, 

Readin(x) = [0 i—>• x, 1 1 —» 0,...] Input in register X0 

Readout(a) = cr(0) From register XO 

Even though one program can directly reference only a fixed set of registers, the in¬ 
direct operations allow access to registers not appearing in the program text (perhaps 
unboundedly many). On the other hand, the store is initialized to zero except for its 
input register, so at any point during a computation only finitely many registers can 
contain nonzero values. Consequently the machine state can be represented finitely (in 
fact we will see that an SRAM can be simulated by a Turing machine). 

The SRAM one-step transition rules are defined as in Figure 7.6. 
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Figure 7.6: Successor random access machine one-step transition rules. 


7.6 Classical Turing machines 

We will later on prove certain results for which it matters whether one chooses the 
formulation of Turing machines above, or the classical formulation usually adopted in 
the literature. Therefore we now briefly review the classical definition. 


Definition 7.6.1 A k -tape classical Turing machine is a quintuple 


(E ,Q,£init,£fin,T) 


where 


1. E is a finite alphabet containing a distinguished symbol B; 

2. Q is a finite set of states, including £i n it^fin\ an( i 

3. T is a set of tuples of form 

where 

(a) ai,... ,afc,bi,... ,bfc E E; 

(b) Mi,...,Mfc E {<—,!,—»}; and 

(c) £,£' E Q and £ ^ £f in . 

The Turing machine is deterministic if for every £ and ai,..., there exists at most one 
bi,... ,bfc, Mi,... ,Mfc, and £' such that (£, (a 1 ,b 1 ,M 1 ),..., (a/ c ,b/ c ,M / c ),£') E T. □ 
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It is perhaps easiest to understand the definition by comparison with the previous def¬ 
inition of Turing machines. Whereas the previous definition insisted that every Turing 
machine use the same tape alphabet {0,1, B}, the present definition allows each machine 
to have its own tape alphabet £. Moreover, whereas the previous Turing machine was 
controlled by a sequence of labeled commands, we now have instead a set of states Q , 
and a set of transitions T between these states. Roughly, every state £eQ corresponds 
to a label in the earlier definition, and every transition t G T corresponds to a command. 
Consider, for instance, a 1-tape Turing machine with transition: 

(A(a,b ,M),£') 

Such a transition may also be written more simply as a quintuple: 

(4a,b,M,0 

The meaning of the transition is: in state £, if the scanned square contains a, then 
overwrite this a with b, perform an action as specified by M, and go to state A, where 
the different values of M are interpreted as follows: 

move the read/write head one square to the left 
do not move the read/write head 
move the read/write head one square to the right 

All this is counted as taking 1 step. 

A tuple 

specifies the analogous k -tape Turing machine state transition: in state £, if the scanned 
symbol on tape i is a^, for all i G {1,.. ./c}, then is to be written in place of a i for all 
i G {1 the read/write head on tape i is moved according to M*, for all i G {1,... /c}, 

and the new state becomes £'. All this is also counted as taking 1 step. Note that all the 
a* are replaced by the b* if this tuple applies; else none of them are replaced. 

In order to formalize computations we make use of configurations. For a 1-tape 
Turing machine a configuration is a pair (£, (L,cr,R)), where £ is the current state, a is the 
current scanned symbol, and L and R are the contents of the tape to the left and right of 
cr, respectively. Transitions modify the configurations as sketched above. A computation 
always begins in state Am* with a blank as the scanned symbol, blank tape to the left, 
and the input to the right. Computations end in £fi n (if they end at all) with the output 
to the right of the scanned symbol up to the first blank. There are no transitions from 

^ fin • 
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The tape to the left and right of the scanned symbol are at all times finite. In the 
situation where one moves, say, to the right and the tape to the right is empty, we simply 
add a blank. 

This is all made precise in the following definition. 


Definition 7.6.2 Given a k-tape Turing machine M = (£,Q,^ n ^,^ n ,T). 

1. A configuration of M is an element of Q x (E* x E x E*) fe . 

2 . One configuration C leads to another C", notation C ^ C' , if 


C 

C' 


(T, (L-^cr-^Ri),..., (L 


n i 




(^, (Li,0i,Ri), •.., (l4,ct^,R4)) 


and there is a transition (T, (ai,bi,Mi),..., (afc,bfc,Mfc),^') GT such that for all 
i — 1,..., k both (Ji = a*, and: 


(a) if Mi =<— then 

i. if C = 5 then L- = e, a[ = B, and R- = b*R*; 

ii. if L* = 7 <j with a G E, then L' = 7 , a' L = cr, and R- = b*R*. 

(b) if Mi =[ then L- = L*, cr' = b i? and R- = R^ 

(c) if Mi =—> then 

i. if R i = e then R- = £, a\ = B, and L- = b*L*; 

ii. if R* = cry with a G E then R' = 7 , cr' = cr, and L' = b^L^. 

3. C leads to C' in m steps, notation C C", if there is a sequence of configurations 
G]_,..., C rrL s r \ such that C — C\ and C f — C rn j r \. 

4. For x,y G (E\{B})* we write M(x) = y, if for some m 


{Unit , (e, B, x ), (e, B, 5 ),..., (e,B, e)) ^ rn 

fin 5 (D1, O" 1, 2 /Rl), (L2 5^2, R2) ? • • • 1 (L/j; , CT/c ? fife ) ) 

where Ri is either e or begins with B. 

5. M decides a set L C (E\{B})*, if 



1 for every x G L 
0 for every x G (E\{B})*\L 



Example 7.6.3 Here is a 1-tape Turing machine M that takes a number in the unary 
number system as input, and returns its successor as output, i.e., M(x) = xl for all unary 
numbers x. 
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1 . 

2 . 

3. 

4. 

5. 


£ = {0,1,B}; 

Q = {4,4, 4, 4}; 


4 


invt 


£ U 


fin 


4; 

4; 


tH(4,b,b,^,4),(4,i,i,^,4),(4,b,i,<-,4),(4,M,^,4),(4,b,b,|,4)} 


The machine is started with scanned symbol B, blank tape to the left, and the input 
1 • • • 1 to the right. Therefore it begins (first transition) by moving one step to the right. 
Then (second transition) it moves one step to the right as long as it sees l’s. When it 
reaches a blank after the l’s, it replaces the blank by an extra 1 (third transition). It 
then moves to the left to get back to the initial blank (fourth transition), and when it 
arrives, it terminates (fifth transition). 

Here is a more clever machine computing the same function: 


1 . 

2 . 

3. 

4. 

5. 


£ = {0,1, B}; 

Q = {4,4}; 


4 


invt 


£ fin 


4; 

4; 


t = {(4,b,i, 




Note that every transition must write something to the scanned square. In order to 
simply move the read/write head one must write the same symbol to the scanned square 
as is already present. For instance, 

(4 ,b,b, »,4) 

is the first transition in the example above which moves the read/head one square to the 
right. It is convenient to let nop be an abbreviation for the triple (B,B,|). In case we 
know the scanned square is a blank, this operation neither moves the read/write head 
nor writes anything to the tape—it performs a “no-operation.” 


Exercises 

7.1 Show that a program with several one-dimensional arrays can be simulated in a RAM. 

□ 


7.2 Show that it is not necessary to assume that every memory cell is initialized to 0. 
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1. Show how, given any CM program p as defined above, to construct a CM program q 
which has the same input-output behavior as p, regardless of the initial state of its 
memory. (An easy exercise.) 

2. * Show that the same is true for any RAM program p as defined above. (A more 
subtle exercise.) 

□ 

7.3 

1. Show that function x-\- 1 is computable by a Turing machine, if given as input the 
binary representation of x. 

2. Show that a Turing machine can, given input of form xBy where y,xE{0,l}*, decide 
whether x = y. An alphabet larger than {0,1,B} may be assumed, if convenient. □ 

7.4 Show how to simulate instructions Xi := 0, Xi := Xj, goto £, and if Xi ^ 0 

goto £ else £' on a counter machine as defined above. □ 

7.5 Show that a counter machine can compute functions x-\- y,2 • x,x/2. □ 

7.6 * This exercise and the next concern the construction of a self-interpreter for SRAM 

programs. Part 1: devise an appropriate way to represent the instruction sequence 
comprising an SRAM program as SRAM data in memory. (Hint: you may wish to use more 
than memory cell to contain one instruction.) □ 

7.7 * Part 2: Sketch the operation of the self-interpreter for SRAM programs. This can 
store the program to be interpreted in odd memory locations, and can represent memory 
cell loc of the program being interpreted by the interpreter’s memory cell 2 doc. □ 

7.8 Prove that the function f(x) = the largest u such that x = 3 U • y for some y is 

CM-computable. □ 

References 

The data structure of GOTO is very similar to that of first-order LISP or Scheme, and 
its control structure is very similar to early imperative languages, e.g. BASIC. Counter 
and random access machines were first studied by Shepherdson and Sturgis [163], and 
are now very popular in complexity theory, for instance in the book by Aho, Hopcroft 
and Ullman [2]. 
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The SRAM and equivalent storage modification machines were studied by Schonhage 
[160]. Turing machines were introduced in [170] and are widely studied in computability 
and complexity theory. The book by Papadimitriou [138] gives a large-scale introduction 
to complexity theory and computation models, and [173] covers an even broader range. 





8 Robustness of Computability 


In this chapter we undertake the task of justifying the Church-Turing thesis, by proving 
that all the different models introduced in the preceding chapter are equivalent to the 
WHILE model introduced earlier. 1 The result is that computability, without limitations 
on resource bounds, is equivalent for all of: WHILE, I, GOTO, CM, 2CM, RAM, and TM. This 
implies that many results about WHILE carry over to the other models directly. For 
instance, the halting problem is undecidable for all of the above languages. 

Section 8.1 presents an overview of the equivalence proof. Sections 8.2-8.7 then prove 
the various equivalences by means of compilation and interpretation. 


8.1 Overview 

Figure 8.1 gives an overview of the translations and interpretations in this chapter. The 
labels in the diagram sum up the techniques that are used. The proofs of equivalence 
come in three variants: 

1. Show for a language pair X, Y how to compile an arbitrary X-program p into an 
equivalent Y-program q (possibly with a change in data representation, as in Defi¬ 
nition 3.3.3). 

2. Show for a language pair X, Y how to write an interpreter for X in Y. 

3. The remaining arcs, labeled with C, are trivial. For instance, every 2CM-program 
is a CM-program with exactly the same computational meaning. 

Figure 8.2 shows the form of data and store in each of the computation models. Compi¬ 
lation from WHILE to I was dealt with in Section 3.7.1; this involves coding multi-variable 
programs into ones with only one variable X. 


8.2 From GOTO to WHILE and back 

Proposition 8.2.1 There is a compiling function from WHILE to GOTO. 

Proof. By standard techniques; see the Exercises. □ 

1 Effectively so: There are computable compiling functions between any two. 
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WHILE 

1 


TM 


list of pairs 
(address, contents) 

-RAM 


encode 


t 


I 


interpret 


t 


F 



2CM 


Figure 8.1: Equivalences among computational models. 


The converse of the above proposition also holds. The classic Bohm-Jacopini construction 
in effect shows that every program can be written in the form of one while loop (and 
no goto’s) by adding an extra “instruction counter” variable. For instance, the GOTO 
version of the reverse program of Section 7.2 can be converted back into the WHILE 
program shown in Figure 8.3, where we use numerals from Subsection 2.1.6. 

Proposition 8.2.2 There is a compiling function from GOTO to WHILE. 

Proof. See the Exercises. □ 


Language L 

L -data 

L -store 

Input 

Output 

TM 

{0,1}* 

a = L SR 

B R 

R 

GOTO 

D 

o : IN —> D 

cr(0) 

cr(0) 

WHILE and I 

D 

a : IN —> D 

ct(0 ) 

cr(0) 

CM 

IN 

a : IN —> IN 

ct(0 ) 

cr(0) 

RAM 

IN 

o : IN —> IN 

cr(0) 

cr(0) 


Figure 8.2: Forms of data and stores 
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read X; 

C := 1; 
while C do 
if (=? C 1) 
if (=? C 2) 
if (=? C 3) 
if (=? C 4) 
if (=? C 5) 
if (=? C 6) 
if (=? C 7) 
if (=? C 8) 
write X 


then { Y := nil; C := 2 }; 

then { if X then C := 4 else C := 3}; 

then { C := 8 }; 

then { Z := hd X; C := 5 }; 

then { Y := cons Z Y; C := 6 }; 

then { X := tl X; C := 7 }; 

then { C := 2 }; 

then {X :=Y; C := 0 }; 


Figure 8.3: The result of using the B ohm-Jacopini construction on reverse. 


There is a controversy, sometimes experienced in undergraduate programming courses, as 
to whether the use of goto-statements in programming is acceptable. It is often claimed 
that GOTO programs are unstructured whereas WHILE programs are well-structured. 
The preceding example shows that WHILE programs can be exactly as unstructured 
as GOTO programs. In practice, however, using WHILE programs often yields better- 
structured programs. 

The preceding theorem is related to Kleene’s Normal Form Theorem (13.4.3) for 
recursive functions in that it shows that any WHILE program can be written in the form 

read X; 

Y := 1; 
while Y do C; 
write X 

where C does not contain any while loops (except those required by the macro facility to 
program if-statements). 


8.3 Compilations with change of data 

The various remaining machine types have different forms of input-output data, which 
necessitates transforming back and forth between different data domains. Figures 8.4, 8.5 
show the encodings that we will use to represent one machine type’s data for simulation 
by another machine type. (The notation < _, _ > used for c pr will be defined shortly.) 
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Figure 8 . 4 .* Data encodings between machine models. 


8.3.1 Common characteristics of the simulations 


All the simulations proceed by step-by-step simulation of program instructions. The 
process of establishing that one can correctly embed computations by model L into those 
of M can be summed up as follows, following the pattern of Definition 3.3.3: 


1. Define a one-to-one data encoding c : L -data —> M -data. 

2. Define a representation of any store a G L -store by a store a G M -store. 

3. Define the construction of an M-program p = lo;1 1 ;I 2 5 • • • I&;Ifc+i from an L-program 
P f-l ? T 2 5 • • • 1 !&;• 

Here I 0 and and Ik+i (if present) are respectively “initialize” code needed to pre¬ 
pare the simulation, and “clean-up” code to deliver the result in the needed final 
format. 

4. Prove that p correctly simulates the actions of p. 


We will mostly gloss over the correctness problem except where the construction is non¬ 
trivial, hoping the reader will find the other constructions sufficiently straightforward 
not to need formal proof. 
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Coding function c 

Definition of c 

Coib : (0,1,B}* —»ID 

CoiB^i^.-.a/c) = (ala£ (in list notation) 


where B^ nil.O^ (nil.nil),1^ (nil.(nil.nil)) 

c pr : ID —> IN 

Cp r (nil) = 0 and c pr (dl.d2) = 1 + 2 c ^( dl ) • 3 c P r(d2) 

bin : IN ^ { 0,1}* 

bin(v) = the shortest binary representation of v 

C 2CM : TV —» IN 

C2Cm(^) = 2 V 


Figure 8.5: Coding functions. 


8.4 Compiling RAM to TM 


We begin with the most complex compilation, from the most complex machine type (the 
RAM) to the a quite simple one (the Turing machine). 

First, to simplify the construction we reduce RAM instructions to what might be called a 
RISC or “reduced instruction set” version using register XO as an accumulator, and with 
instruction forms: 



XO := XO + 1 | XO := XO - 1 | if XO = 0 goto i 
XO := Xi | Xi := XO | XO := <Xi> | <X0>:= Xi 
Other operations: XO := XO Operation Xi 


Clearly any RAM program can be converted to an equivalent reduced form program, slow¬ 
ing down its running time by at most a small constant factor. 

The Turing machine simulating a RISC RAM program p will have 4 tapes as in the 
following table, using the binary encoding bin : IN —> { 0 , 1 }* of Figure 8.5. With each 
tape form we have marked, by underlining, the “standard scan position.” This is the 
position the scan heads are to occupy between simulation of any two RAM instructions. 

The first two tapes represent the locations and values of nonzero entries in the RAM 
store g — [ao i—>• Co,... ,a& Ck\. The third tape is the accumulator XO, the fourth is an 
auxiliary “scratch” tape for various purposes. 

Note that “standard scan position” can easily be located: since all number encodings 
have at least one bit, it will always be the rightmost B in the first BB to the left of any 
tape’s nonblank contents. 
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Tape number 

Tape name 

Tape form, standard scan position 

1 

Addresses 

. . .B B bin(a$) B 6m(ai)...B bin(ak)BB . . . 

2 

Contents 

. . .B B 6272(00) B 6272(01)... B bin(ck) BB. . . 

3 

Accumulator XO 

. . . B • • • B . . . 

4 

Scratch 

. . . B • • • B. . . 


Initialization code : the RAM program input 6272(2) is on tape 1. This is first copied to tape 
2 and 0 is placed on tape 1, signifying that cell 0 contains value 6272(2). After this, both 
heads are moved one position left to assume standard position. Termination code : the 
first value bin (co) on tape 2 is copied onto tape 1 , and all other information is erased. 
The simulation is described by three examples; the reader can fill in the rest. 

1. XO := XO + 1: 

Find the right end of the (nonblank portion of the) Accumulator tape 3. Repeatedly 
replace 1 by 0 on it, and shift left one position, as long as possible. When a 0 or B 
is found, change it to 1 and move one left to stop in standard position.. 

2. X23 := XO: 

Scan right on tapes 1 and 2, one B block at a time, until the end of tape 1 is reached 
or tape 1 contains a block B10111B. (Note: 10111 is 23 in binary notation.) 

If the end of tape 1 was reached, location 23 has not been seen before. Add it, by 
writing 10111 at the end of tape 1, and copy tape 3 (the value of XO) onto tape 2; 
and return to standard position. 

If, however, B10111B was found on tape 1, then 6222 ( 023 ) is scanned on tape 2. In 
this case it must be overwritten, done as follows: 

• copy 6222 ( 024 ) . . .B 6222 ( 0 *.) B onto scratch tape 4; 

• copy tape 3 (the value of XO) in place of bin (C 23 ) on tape 2; 

• write B and copy tape 4 onto tape 2, thus reinstating, after the new 6272 ( 023 ), 
the remainder 6272 ( 024 ) • • - B 6222 ( 0 ^) B; and finally 

• return to standard position. 

3. XO := <X23>: 

Starting at the left ends of tapes 1 and 2, scan right on both, one B block at a time, 
until the end of tape 1 is reached or tape 1 contains a block with B10111B. 

If the end is reached do nothing, as c 2 3 = 0 and tape 3 already contains c 0 . 
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If BIO 11 IB was found on tape 1, then bin (023) is scanned on tape 2. Copy bin(c 23) 
onto tape 4. As above, search tapes 1 and 2 in parallel until location B bin(c2s) B is 
found on tape 1, or tape l’s end is found. If the end was reached, write 0 on tape 
3, since c C23 = Co- Otherwise copy the tape 2 block corresponding to tape 1 onto 
tape 3, as the tape 2 block contains 6m(c( C23 )), and return to standard position. 

Finally, “other operations” XO := XO Operation Xi can be simulated as long as they 
denote Turing-computable functions on natural numbers. This holds for all operations 
in the various RAM models which have been proposed. 

8.5 Compiling TM to GOTO 

For simplicity of notation we describe how to compile one-tape Turing machine programs 
into equivalent GOTO programs; the extension to multiple tapes is obvious and simple. We 
follow the “common pattern.” The encoding of Turing machine tapes as GOTO values 
uses the encoding c 0 ib defined in Figure 8.5. 

A Turing machine store a = L S R will be represented by three GOTO variables Lf, 
C, Rt, whose values are related to the tape parts by C = (notation defined in Figure 
8.5), Rt = Coib(R), and Lf = c 0 ibL, where L is L written backwards, last symbol first. 
A Turing machine program p = 1 1;I2; • • • I& is compiled into a simulating GOTO-program 
p = Ii;I 2 ;...Ifc, where each 1 ^ is the sequence of GOTO commands defined next (with some 
syntactic sugar for readability). 

TM command GOTO code must achieve 

right if (=? Rt nil) then Rt := (nil . nil); 

Lf := cons C Lf ; C := hd Rt; Rt := tl Rt; 

left if (=? Lf nil) then Lf := (nil . nil); 

Rt := cons C Rt ; C := hd Lf; Lf := tl Lf; 

write S C := d where d = 

if S goto £ if C = d then goto £ where d = 

The initial GOTO store for Turing Machine input BR is 

[Rt 1—» coib(R),C 1—» nil,Lf f—> nil] 

It is straightforward to prove that p correctly simulates the actions of p. 
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8.6 Compiling GOTO to CM 

CM program values are natural numbers, so we represent tree structures in ID by numbers, 
using c pr as defined in Figure 8.5. For every GOTO variable with value x, there will be 
a corresponding CM variable with value c pr (x). Consequently every CM variable will have 
value 0 or 2 U 3 V for some and both u and v will have the same property (recursively). 

A GOTO program p = Ii;l 2 ;...Ifc is compiled into a simulating CM-program p = 
1 1 ; I 2 ;... I A: 5 where each I; is the sequence of extended CM commands defined next (with 
some syntactic sugar for readability). 


GOTO command 
Xi := nil 
Xi := cons Xj Xk 
Xi := hd Xj 
Xi := tl Xj 
if Xi = a goto £ 


Extended CM code 

Xi := 0 

Xi := 2 x i • 3 Xk 

Xi := u where Xi=2 n -3 V 

Xi := v where Xi=2 u -3 V 

if Xi = c pr ( a) then goto £ 


It is straightforward to prove that p correctly simulates the actions of p. The only 
remaining task is to show that these extended CM-commands are in fact CM-computable. 

Definition 8.6.1 Function / : IN k —» IN ± is CM -computable iff there is a CM-program 
q with counters XI,... ,Xk such that if (To = [1 > aq,...,/c 1 —> Xk, all other z 1 —> 0] and 
y, x \,..., x n G TV, then 

f(xi,...,x n ) = y iff qhcr 0 ->* [0 1 —> t/,- - 

Lemma 8.6.2 The following functions are all CM-computable, where c is any constant: 
a(x) = x + c, g(x, y) = x + y, h(x, y) = x • y, e(x) = c®, and 
m(x) = ma x{y \ 3z . x = c v • z}. 

Proof. The c-instruction sequence X1:=X1+1; . . . ;X1:=X1+1 computes function a(x) = 
x + c. Functions g(x,y) =x + y , h(x,y) =x-y , and e(x) = c x are computable by the three 
programs: 

XO := XI; while X2 ^ 0 do { XO := XO+1; X2 := X2-1 } 

X3 := XI; XO := 0; 

while X2 / 0 do { XO := XO + X3; X2 := X2-1 } 
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X3 := XI; XO := 1; 

while X2 ^ 0 do { XO := XO • X3; X2 := X2-1 } 

This nearly completes the proof that the functions used in the compilation are CM- 
computable, except for m(x). This is left as Exercise 8.1. □ 

8.7 Compiling CM to 2CM 

Lemma 8.7.1 Suppose CM program p has one input and contains k variables XI,... ,Xk 
where k > 3. Then there is a CM program q with only two variables Y, Z such that 2 [[pj 
can be implemented by [[qj by encoding c 2 cm(^) = 2 x . □ 

Proof. Each command of p will be replaced by a sequence of commands 1^ in q. 
Variables Xl,...,Xk are represented in q by two variables Y, Z. Letting h be the k -th 
prime number, the following simulation invariant property will be maintained: 

If variables XI, X2,...Xk have values x±,X 2 ,. •. ,Xk (respectively) before exe¬ 
cution of any p-instruction 1^, then 

Value_of(Y) = 2 Xl • 3* 2 •... • h Xk 

will hold before execution of the corresponding q-instruction sequence I^. 

Explanation of the simulation method: variable Z is used as an auxiliary. Assuming the 
simulation invariant to hold, operations X2:= X2 + 1, X2 := X2 - 1, and X2=0? (for 
instance) can be realized by replacing y by 3 • y, or y-r- 3, or deciding whether y is divisible 
by 3. It is easy to see that these can be done with two counters; for example y-r-3 can 
be computed by 

while Y>0 do { Y:=Y-1; Z:=Z+1 } 
while Z > 4 do (Y := Y+l; Z := Z-3 } 

where the test Z > 4 and the operation Z := Z-3 are easily programmed. Operations on 
the other Xi are similarly realized, completing the construction. Initially p has its input 
x as value of XI, and every other variable has value 0. By the invariant this corresponds 
to initial q value y = 2 X • 3° • 5° •... = 2 X of Y. Thus q is a 2-counter program which, given 
input y = 2 X , terminates with y = • 3° • 5° •... = 2^ x \ as required. □ 

2 Recall Definition 3.3.2. 




136 Robustness of Computability 


Theorem 8.7.2 Any CM-computable function f(x) can be implemented by a 2CM- 
computable function. □ 

Corollary 8.7.3 The halting problem HALT-2CM for 2CM programs is undecidable. □ 


Exercises 


8.1 Show that the function: m{x) = ma x{y \ 3z. x = c y • z} can be computed by a counter 
machine program, for any fixed c. □ 


8.2 Give a compiling function from WHILE programs to GOTO programs. Illustrate 
on a small example. □ 


8.3 Give a compiling function from GOTO programs to WHILE programs. Illustrate 
on a small example. □ 


8.4 Prove Corollary 8.7.3. 


□ 
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9 Computability by Functional Languages 

(partly by T. JE. Mogensen) 


9.1 A first-order functional language 

The language WHILE is imperative. This means that WHILE programs have a global 
store that they update by means of assignments. In contrast to this, functional languages 
do not have a store. Instead they pass values to other functions in calls and receive values 
when these functions return a result. This difference is reflected in the syntax of programs 
in that a functional language typically has a syntactic category for expessions but, unlike 
WHILE, none for commands. 

9.1.1 The language F 

The language F is a simple first order Lisp-like functional language whose programs have 
one recursively defined function of one variable. It resembles language I of Section 4.2 
in that data is built by cons from the single atom nil. 

Definition 9.1.1 Let F -data = D. We use the conventions d,e,f,... G ID. Let X be a 
variable. The informal syntax of programs is given by the following grammar: 

Program 3 P ::= E whererec f(X) = B 

Expression 3 E,B ::= X 

nil 
hd E 
tl E 

cons El E2 

if E then El else E2 
f E 

The semantics of E whererec f (X)=B is defined in Figure 9.1 by functions: 

V : Program —» (ID —» IDjJ 
£ : Expression —» (Expression —■» (ID —»D^)) 

□ 
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£[XjBv 

= v 


£[nil]]Bv 

= nil 


£[cons El E2jBv 

= (di.d 2 ) 

if £[[El]]Bv = di, £\ E2jBv = d 2 

£[hd EjBv 

= di 

if £ JE]]Bv = (d r d 2 ) 

£[[hd EjBv 

= nil 

if £[[E]]Bv G A 

£[[tl EjBv 

= d 2 

if £ [[Ej| Bv = (d 1 .d 2 ) 

£[[tl EjBv 

= nil 

if £[[E]]Bv G A 

£ [[if E then El else E2]Bv = 

= d 

if £[[E]]Bv ^ T or nil, ^[[EljBv d 

£ [[if E then El else E2jBv = 

= d 

if f [[E]]Bv nil, f [[E2jBv d 

£[f EjBv 

= w 

if £[[EjBv = u and £[[B]]Bu = w 

"P[[E0 whererec f(X) = Bjv 

= £[E0]]Bv 



Figure 9.1: Meanings of F -programs £ : Expression —» Expression —> ID —> 


The function £[E]] B v gives the result of evaluating expression E, assuming variable X has 
value v, and that E occurs within a recursive program of form E whererec f (X) = B. If 
the expression never terminates on the given value v (due to a never-ending recursion), 
then £{E} Bv will not be defined. 


Example 9.1.2 The expression append (cons (al. . .am) (bl. . .bm)) returns the list 
(al... am bl...bm) . 


append Z whererec append(Z) = 
if (hd Z) then cons (hd hd Z) 

else (tl Z) 


(append (cons (tl hd Z) (tl Z))) 



Example 9.1.3 The following is a “tail recursive” version of the reverse program in 
F, esentially the imperative program of Example 2.1.4, written in functional style. The 
expression reverse (cons X nil) returns the list X reversed. The program does so by 
keeping the two variables X and Y from the corresponding WHILE program in packed 
together in the single F variable, here called Z. An update of a variable in WHILE is 
simulated by a function call in F. 

rev (cons Z nil) whererec rev(Z) = 
if (hd Z) 

then reverse (cons (tl (hd Z)) (cons (hd (hd Z)) (tl Z)) ) 
else (tl Z) 
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9.1.2 The language F+ 

An F+ program has programs with several multi-parameter functions defined by nutual 
recursion: 

E whererec f1(XI...Xk)=El, fn(Yl,...,Ym)=En 

The task of Exercise ?? is to define its semantics in a manner resmbling that above for 
F. The purpose of Exercise 9.3 is to show that this richer version of the F language is no 
more powerful than the simple one seen above. 


9.2 Interpretation of I by F and vice versa 

In this section we are concerned with the problem of writing interpreters for F in WHILE 
or I, and vice versa. One half of this will be left to the Exercises: 

Proposition 9.2.1 There exists an interpreter intIF for I written in F. 

Proof. See Exercise 9.4. □ 

Proposition 9.2.2 There exists an interpreter intFI for F written in I. 

Proof. First we need a way to express F programs as data values. This is done in 
Figure 9.2, where var', quote',... ,doif' are chosen to be elements of D, all distinct. 


E whererec f(X)=B = 

= (E.B) 

X 

= (var 7 ) 

d 

= (quote 7 d) 

cons E F = 

= (cons 7 E F) 

hd E 

= (hd' E) 

tl E 

= (tl'E) 

if E F G 

= (if'EFG) 

f (E) 

= (call' E) 


Figure 9.2: F programs as data values 
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An interpreter intFWHILE for F written in WHILE can be obtained by modifying the 
expression evaluation part of WHILE’S universal program from Section 4.1, partly by 
adding new variable B that is used as in the semantic equations defining F. The resulting 
interpreter appears in Figure 9.3. 

The STEP command is similar to the one in the WHILE 1 var interpreter written in 
WHILE with two exceptions: the rules pertaining to commands have been removed, and 
three new transitions have been added to deal with function calls. 

How they work: the call assigns to X the call’s argument. After the argument has been 
evaluated and placed on the computation stack (variable w), operation do call' saves the 
current value v of X by pushing it on the code stack. The new code stack top becomes 
the body B of the enclosing program, thus setting the recursive call in action. Once this 
is finished with its result u on top of the computation stack, operation return' restores 
X to its previous value. 

Although interpreter intFWHILE only uses the atom nil, it has several variables. 
These may be compressed into one as in Section 3.7.1, yielding the desired interpreter 

intFI. □ 

9.3 A higher-order functional language LAMBDA 

A commonly used model of computation is the lambda calculus [?], [?]. It is, however, 
seldom used in complexity texts as the notion of a computation cost is unclear. This is 
both because the number of reduction steps depends heavily on the reduction strategy 
used and because the basic reduction step in the lambda calculus - /3-reduction - is 
considered too complex to be an atomic computation step. We will not investigate these 
issues here, as our prime objective is to show that the lambda calculus has the same 
computation power as the I language, and hence the same as WHILE. 

Expressions in the lambda calculus are either variables, lambda-abstract ions or ap¬ 
plications: 

A ::= x\ | X 2 

Xxi .A 
A A 

We will, for readability, often use (possibly subscripted) single-letter names for the Xi. 
In the expression A x .E, the variable x is bound by the A and has scope in the expression 
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read X; (* X will be ((E.B).D) where D input *) 

Cd := cons (hd hd X) nil ; 


(* Cd top = Expression to be evaluated *) 


B 

:= tl hd X; 

(* Body of function definition 

*) 

VI 

:= tl X; 

(* Initial value of simulated X 

*) 

St 

:= nil; 

(* Computation stack 

*) 


while Cd do STEP; 
X := hd St; 
write X 

where STEP is: 


rewrite [Cd, St] by 


[((quote' D).Cr) , 

St ] 

=> 

[ Cr, cons D St ] 

[((var') .Cr) , 

St ] 

=> 

[ Cr, cons VI St ] 

[((hd' E).Cr), 

St ] 

=> 

[ cons* E dohd' Cr, St ] 

[ (dohd'. Cr) , 

(T.Sr) ] 

=> 

[ Cr, cons (hd T) Sr] 

[((tl' E).Cr), 

St ] 

=> 

[ cons* E dotl' Cr, St ] 

[ (dotl'. Cr) , 

(T.Sr) ] 

=> 

[ Cr, cons (tl T) Sr ] 

[((cons' El E2).Cr), 

St ] 

=> 

[ cons* El E2 docons' Cr, St] 

[ (docons'. Cr) , 

(U.(T.Sr)) ] 

=> 

[ Cr, cons (cons T U) Sr ] 

[((call' E).Cr), 

St ] 

=> 

[ cons* E docall' Cr, St ] 

[ (docall'. Cr) , 

(W.Sr) ] 

=> 

{ Cd := cons* B return' Cr; 

St := cons VI Sr; VI := W } 

[ (return'. Cr) , 

(U.(V.Sr)) ] 


{ Cd := Cr; 

St :=cons U Sr; VI:= V } 

[((if' E F G) .Cr) , 

St ] 

=> 

[ cons* E doif' F G Cr, St ] 

[(doif'. (F.(G .Cr))), 

(nil.Sr) ] 

=> 

[ cons G Cr, Sr ] 

[(doif'. (F.(G .Cr))) , 

(D.Sr) ] 

=4> 

[ cons F Cr, Sr ] 


Figure 9.3: Interpretation of F by WHILE 


E. We use the usual abbreviations: 

A ab...c.A = Xa.Xb.--Xc. A 
AB...C = (( AB)...C) 

where a,6,c are arbitrary variables and A,B,C are arbitrary lambda expressions. We 
call a lambda expression closed if it has no free (unbound) variables. 

The intuitive meaning of an abstraction Xx.E is a function that takes a value for the 
variable x and computes the value of the expression E (which may contain x) given that 
value. Application F B corresponds to applying a function F to a value B. This is 
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modeled by the basic computation step in the lambda calculus, (3-reduction : 

Definition 9.3.1 A (3 -redex (or just redex) is an expression of the form (A x.A) B. 
/3-reduction is done by the following rule: 

(A x.A)B A[x := B] 

where the substitution A[x := B] replaces free occurrences of x with B and renames 
bound variables in A to avoid clash with free variables in B: 


x[x := A] = A 

y[x := A] = y 

(B C)[x := A] = (B[x := A]) (C[x := A]) 

(A y.B)[x:=A\ = Xz. ((B[y := z])[x := A]) 


lix^y 

where z is a fresh variable 


/3-reduction can be performed anywhere in a lambda expression, and we lift the notation 
A—>p B to mean that A reduces to B by a single /3-reduction anywhere in the term A. 
The reflexive and transitive closure of is denoted by — 

A term is said to be in (full) normal form if it contains no /3-redexes. A normal form 
of a lambda calculus term A is a normal form term B that can be obtained from A by 
repeated /3-reductions (z.e., A —B). Not all terms have normal forms. 


The Church-Rosser theorem [8] shows that the order of reductions in a certain sense 
doesn’t matter: if, starting with the same lambda expression, two sequences of reductions 
lead to normal forms (lambda expressions where no /3-reductions can be performed), then 
the same normal form will be reached by both reduction sequences. Hence, it makes sense 
to talk about the normal form of a term, if any such exist. 


Theorem 9.3.2 If A —B and A —C then there exists a term D such that B D 
and C — D. 
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The theorem actually proves more than the uniqueness of normal forms: If, starting 
with a lambda term A, you perform two different reduction sequences and obtain the 
terms B and C (which need not be in normal form), there exist a term D (also not 
necessarily in normal form) such that both B and C reduce to D (using different reduction 
sequences). A diagram: 

Theorem 9.3.3 If lambda-expression M has a normal form at all, it can be obtained 
by repeatedly locating and reducing the leftmost innermost redex (A x.A) B. 

A remark on efficiency. This stragey does not seem especially efficient, as it involves 
repeatedly scanning the current A-expression in search of redexes. Further, the order of 
reduction can have significant impact on the number of reductions required to reach the 
normal form, and indeed even on whether any normal form at all is reached. (Reductions 
can continue indefinitely without terminating.) 

Practical implementations of functional languages based on the lamda-calculus use 
one of the following two alternatives to the above: 

Definition 9.3.4 The call-by-value reduction strategy reduces an application MN as 
follows: 

1. First, reduce the operator M to a normal form. Stop if this is not of form A x.P 

2. Second, reduce the operand A to a normal form, call it N '. 

3. Then /^-reduce (Xx.P)N'. 

Definition 9.3.5 The call-by-name reduction strategy reduces an application MN as 
follows: 

1. First, reduce the operator M to a normal form. Stop if this is not of form A x.P 

2. Then /^-reduce (Xx.P)N. 

Call-by-value is used by the languages LISP, SCHEME and ML. The HASKELL language 
uses a variant on call-by-name known as call-by-need , or lazy evaluation. 

Remark. If expression reduction terminates under call-by-value, then it also terminates 
under call-by-name reductions. 

Various notions of what is considered a value in lambda calculus have been used. 
As we want to represent arbitrary tree-structures, we have chosen to let values be nor¬ 
mal form lambda expressions. For a discussion on other choices, including weak head 
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normal forms and head normal forms and on the mathematical models of computation 
these imply, see [8]. This also discusses properties of different strategies for the order of 
reduction. 

We define the language LAMBDA as having closed lambda calculus expressions as pro¬ 
grams. Values in input and output are lambda calculus expressions in normal form. Run¬ 
ning a program P with inputs X \,..., X n is done by building the application P X\ ... X n 
and reducing this to normal form. The output of the program is the normal form obtained 
this way. 


9.4 Equivalence of LAMBDA and the other models 

We will first show that LAMBDA is as powerful as I by writing an interpreter for I in 
LAMBDA. Then we will write an interpreter for LAMBDA in an extended version of the simple 
functional language F. Since the equipotency of F and I has already been established in 
section 9.2, this concludes our argument. 


9.4.1 Implementing I in the lambda calculus 

We will now write an interpreter for I in LAMBDA. To do so we must first decide how to 
represent syntax of I programs and values in the domain ID. 

Values can be represented in many ways in the lambda calculus. We have chosen the 
representation strategies of [133] and [132]. Values in ID are represented by a represen¬ 
tation function [ ] D : ID —» A, defined as follows: 


[nil] 10 = Xab.a 

= Xab.b \v \ D \w ] :D 


We can do case analysis on a pairs -value v by applying it (or rather, its representation) 
to two LAMBDA expressions N and P. If v is nil, then [v] 10 N P reduces to N. If v is a pair 
(a,b), then [v] 10 N P reduces to P [a] 10 [b] 10 . Hence, by letting P = A ht.h, we can take 
the head of v and by letting P = Xht . t, we can take the tail. 
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We recall the syntax of I: 


Program 

Command 


3 P 
3 C, D 


• • 


Expression 3 E,F ::= X 


read X; C; write X 
X := E 
C ; D 

while E do C 


nil 

cons E F 
hd E 
tl E 


First we want to represent expressions. We use a somewhat different representation 
strategy than for values. We let the representation of an expression E, \E] S be Xxcht.E , 
where -A is defined by 




nil 


£ 


cons E F 

£ 


£ 


hd E 
tlE 


£ 


x 


E> 


fnill 


c E F 


£ 


h E 


t E S 


—£ —£ 

Note that E uses the variables x,c,h and t bound by the A in Xxcht.E . These variables 

‘tag 5 expressions with their kinds {x for X, c for cons, h for hd and t for tl). Note that 

nil has no tag. We represent commands in a similar way: [C] c = Axsie.C^, where is 

defined by 


X := E 
C : D C 


c 


while E do C 


C 


x \E~} S 
s C° D C 


w [E] 


s 


And finally we represent programs by 


[read X; C; write X] 


v 


[cl 


C 


That is, we represent a program by the command it contains. Figure 9.4 shows an I 
program and its encoding as a LAMBDA term. 
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read X; 

X := cons X nil; 
while hd X do 

X := cons (tl (hd X)) (cons (hd (hd X)) (tl X)); 

X := tl X; 
write X 

Above: an I program for reversing a list. Below: the encoding of the reverse program. 

Xxsw . 

s (x (A xcht.c x (A ab.a))) 

(s (w (A xcht.h x) 

(.x (A xcht.c (t (h x)) (c (h (h x)) (t x))))) 
x (A xcht.t x)) 

The layout of the encoding reflects the layout of the I program. 

Figure 9.4: An I program and its encoding 

9.4.2 Implementing the semantics of I 

We will first construct a LAMBDA expression eval, which will take the representation of 
an expression and the value of X and return the value of the expression. Using this, we 
will construct a LAMBDA expression do, which will take the representation of a command 
and the value of X and return the value of X after the command has been executed. This 
will be our interpreter of I in LAMBDA. 

Running an I program P on input v is done by running the LAMBDA program do on 
inputs \P~] V and [v] 0 . This will yield a normal form [w] D if and only if P given the 
input v yields an output w. 


Evaluation of expressions We now define the LAMBDA expression eval for evaluating 
expressions: 

eval = AEx.E x 

(A htab.b h t ) 

(Xd.d d (Xht.h)) 

(A d.d d (A ht.t)) 
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The idea is that when evaluating an expression every occurrence of the ’tag' (variable) x 
in the representation of an expression will be replaced by the current value of X, every 
’tag’ c by a function Xhtab.b h t that can cons two arguments, every h by a function 
that takes the head of a pair (and returns nil if given nil as argument) and every t by a 
similar function returning the tail of a pair. Note that since the constant nil is untagged 
in the representation of expressions, it is returned unchanged by eval. 

Execution of commands We use a similar idea for the do function. The recursive 
nature of the while command is a bit complex, though. We first present do, then explain 
the details 

do = AC.C eval 

(A cdx.d (c x)) 

(AEc.W W) 

where 

W = Aicx.eval E x (Xw.x) ( Xhtw.w w (c x)) w 

Occurrences of eval and W represent that the entire expressions these names represent 
should be inserted in place of the names. This is just substitution of text. This means 
that the variables E and c used in W are bound by the A in the last line of the definition 
of do (the line that uses W). 

Similar to before, interpretation of a command C will replace occurrences of the 
tagging variables x, s and w in the representation of C by functions that ’do the right 
thing’ with the commands. For the assignment command X := E, this is eval, which 
evaluates E and returns its value, which becomes the new value of X. For composite 
commands C ; D, the function A cdx .d (c x) will first execute C (by its execution function 
c) and pass the new value of X to the execution function d of D, which then produces the 
final value of X. 

Execution of the while statement is more tricky. The function AEc.W W takes the 
condition expression E of the while command while E do C and the execution function 
c of the body C and then self-applies W. This yields 

Ax.eval E x (A w.x) ( Xhtw.w w (c x)) W 

When this is given a value xo of X, eval E xo evaluates E with respect to this value. If 
the result of the evaluation is nil, the situation becomes 

(A ab.a) (A w.xq) (A htw.w w (c xq)) W 
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since [nil] 0 = (A ab.a). This reduces to 
(Aic.Xq) W 

and finally to xq. This is correct, as a nil condition terminates the while loop and 
returns the value of X unchanged. If instead the condition evaluates to a pair (p. q), we 
get 


(A ab.b (Xw.xq) (Xhtw.w w (c xo)) W 

since [(p.q)] 10 = A ab.b [p] 10 [q] 10 . This reduces to 

(A htw.w w (c xo)) [p] 0 [q] 0 ) W 
and then to 

WW (c x 0 ) 

and finally (recalling the definition of W) to 

(Ax.eval E x (Aix.x) ( Xhtw.w w (c x)) W) (c x 0 ) 

which is the same as before we started executing the while loop, except that the value 
xo of X has been modified by the execution function c the body C of the loop. Hence, the 
entire while command is redone using the new value of X. 


Termination and time complexity Readers familiar with the lambda calculus might 
wonder why we haven’t used a fixed-point operator to model the while loop. The reason 
is that the present method is more robust with respect to changes in reduction order: If an 
I program P terminates on some input x, then (do |\P]^ ["x]- 10 ) terminates regardless of 
the order of reduction used to reduce lambda expressions. For certain reduction strategies 
(including call-by-value), the number of /^-reductions required to reach the normal form 
is proportional to the number of primitive operations performed by running P (as an I 
program). 
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9.4.3 Interpreting the lambda calculus in F+ 

In our interpretation of the lambda calculus we are interested in reduction to normal form. 
This means that we can’t use the simple abstract machines for reducing lambda-ter ms to 
weak head normal form (WHNF). Instead we will develop an abstract machine that does 
a one-step parallel reduction (reduces all redexes, even under lambdas) and iterate this 
until no redexes are left. Parallel reduction with systematic renaming of bound variables 
can be expressed by the function .R[[_]] : A —> Env —» IN —» A, where p G Env : Var ^ A 
is a mapping from variables to LAMBDA terms. The number n G IN is used for renaming 
variables: A lambda at nesting level n will use the name x n . To obtain a normal form, 
]] must be applied repeatedly until no redexes remain, z.e., when the second rule isn’t 
used anywhere in the term. 

i?[[x]]pn = p x 

Rl(Xx.ei) e 2 \pn = R\e{^p[x \= R\e 2 \pn\n 

R^e i e 2 \pn = (R\e 2 \pn) if e\ ^ Xx.e' 

R\Xx.e\pn = Xx n . (R\e\p[x := x n \(n + l)) 

The notation (R^ei^pn) (Rf\e 2 \pn) indicates that an application expression is built from 
the components R\e\\pn and R\e 2 \pn. Likewise, Xx n . (R\e\p[x := x^(n + 1)) indicates 
building of an abstraction expression. These should not be confused with semantic ap¬ 
plication and abstraction as used in denotational semantics. 

With a suitable representation of syntax, numbers and environments, we can imple¬ 
ment -R[[ ]] in a language F+, which is the functional language F extended with multiple 
functions and multiple parameters as suggested in exercise ?? and with a rewrite com¬ 
mand similar to the one used for the while language. The extensions do not add power 
to the language, which can be shown by providing a translation from F+ to F. We will 
not do so here, though. 

We will represent numbers as described in section ??, hence 0 = nil, 1 = 
(nil. nil), 2 = (nil. (nil .nil) ) etc. We represent the variable Xi by the number 
i. We represent terms by pairs of tags (numbers) and the components of the term: 

L Xi\ E = (0 A) 

|efJ e = (i-(L E J E -L F J E )) 

[Xx t .E\ E = (2.(z.LEj E )) 

Environments (p) are represented as lists of (name.value) pairs. We are now ready to 
write the LAMBDA interpreter: 
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normalize P whererec 

normalize(P) = 

normalize2(r(P,nil,0)) 

normalize2(Q) = 

if tl Q then normalize(hd Q) else hd Q 

r(E,R,N) = 

rewrite [ E ] by 

[ (O.X) ] => [ cons lookup(X,R) 0 ] 

[ (l.((2.(X.El)).E2)) ] 

=> [ cons (hd r(El,cons (cons X (hd r(E2,R,N))) R,N)) 1 ] 

[ (1.(El.E2)) ] => [ auxl(r(El,R,N), r(E2,R,N)) [ 

[ (2.(X.E1)) ] => [ aux2(r(El,cons (cons X N) R,cons nil N), N) ] 

auxl(v,w) = cons (cons 1 (cons (hd v) (hd w))) 

(if tl v then 1 else tl w) 

aux2(v,N) = cons (cons 2 (cons N (hd v))) (tl v) 

lookup(X,R) = 

if equal(X,hd (hd R)) then tl (hd R) else lookup(X,tl R) 

The functions normalize and normalize2 make up the 'main loop' of the interpreter, 
which call r until no further reduction is done, r implements the ]] function. In 
addition to returning the reduced term, r also returns an indication of whether any 
reduction occurs. This is done by pairing the reduced term with 1 if any reduction is 
done and 0 if no reduction occurs. A few auxiliary functions are used to propagate this 
information. The four cases in the case expression correspond to the four equations of 
]]. lookup fetches the value of a variable in an environment. 

Time complexity While this interpreter is guaranteed to find (the representation of) 
the normal form of a LAMBDA expression if one exists, we cannot say much about the 
complexity of this: An arbitrary amount of work can be done in the interpreter between 
each /^-reduction because we may need to traverse a large term to find a single (3- redex. 
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Also, just counting /^-reductions isn’t a very precise measure of complexity of reducing 
lambda terms, as substitution as defined in definition 9.3.1 can take time proportional 
to the size of term. Cost measures for the lambda calculus not based on the number of 
/3-reductions are discussed in [103] and [134]. 


Exercises 

9.1 Consider an expanded version F' of the language F, where programs contain several 
functions, each with a single argument. Thus the syntax of programs should be 

E whererec fl(X) = El,..., fn(X) = En 

Note that any function may call any other function, or itself. 

Give a semantics similar to Figure 9.1. □ 

9.2 Show how any F' program can be translated into an equivalent F program. □ 

9.3 Define a version F+ of the language F where programs contain several functions each 
of which have several arguments. That is, the syntax of programs should be 

E whererec fl(Xl...Xk) = El,..., fn(Yl,...,Ym) = En 

Show how any F+ program can be translated into an equivalent F program. □ 

9.4 * Prove Proposition 9.2.1. Hint: the pattern used in Section 4.2 will make this 

easier: first, construct the needed interpreter using as many functions and variables as 
is convenient. Then use the result of Exercise ??. □ 

9.5 Find a lambda term 0, such that D —D, z.e., such that it reduces to itself in one 

step. □ 

9.6 Find a family of lambda terms i G IN such that fA —>(3 ^A+i and such that 

Qi = => i = j, z.e., they are all different. □ 

9.7 * A lambda term is called linear if every variable in the term occurs exactly twice: 

Once where it is bound and once inside the scope of that binding. Show that all linear 
lambda terms have a normal form. Hint: Show that a /3-reduction strictly reduces the 
size of a linear term. □ 
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10 Some Natural Unsolvable Problems 


We have seen earlier that there are problems that cannot be solved by programs in 
WHILE or any other of the computation models we have considered. By the Church- 
Turing thesis, these problems cannot be solved by any notion of effective procedures at 
all. 

Until now, the unsolvable problems we have considered all concern program proper¬ 
ties: first, the Busy Beaver and halting problems, subsequently extended to all non-trivial 
extensional program properties in Rice’s theorem. In this chapter we prove unsolvable 
some other problems: Post’s correspondence problem, and several problems concerning 
context-free grammars (emptiness of intersection, ambiguity, and exhaustiveness). After 
an introduction, each of the remaining sections is each devoted to one of these problems. 

10.1 Do there exist natural unsolvable problems? 

We have argued, we hope convincingly, for two points, one formal and one informal: 

1. That the halting problem for WHILE programs is not decidable by any WHILE pro¬ 
gram. 

2. That decidability of membership in a set A by any intuitively effective computing 
device is exactly equivalent to decidability of membership in A by WHILE programs. 

Point 1 is analogous to the classical impossibility proofs e.g. that the circle cannot be 
squared using tools consisting of a ruler and a compass. It asserts that one particular 
problem, the halting problem, cannot be solved be means of any of a powerful class of 
tools: WHILE programs. 

Point 2 is a version of the Church-Turing thesis. It cannot be proven, as it equates 
an intuitive concept with a formal one. On the other hand it is widely believed, and 
we have given evidence for it by showing a variety of different computing engines to be 
equivalent. 

If we assume the validity of point 2, then point 1 comes to carry much more sig¬ 
nificance. In particular, it implies that the halting problem for WHILE programs is not 
decidable by any intuitively effective computing device whatsoever. 

The halting problem is not completely unnatural in computer science, since an oper¬ 
ating system designer could have a lively interest in knowing whether the programs to be 
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executed will run the risk of nontermination. Such knowledge about program behavior 
in general is, alas, doomed to failure by the undecidability of the halting problem, and 
Rice’s Theorem (see Theorem 5.4.2 and Exercise 5.5.) 

The arguments used to prove point 1 use only accepted mathematical reasoning meth¬ 
ods (even though the argument is subtle). Nonetheless, the halting problem for WHILE 
programs is not a natural problem, as it is hard to imagine a daily mathematical context 
in which one would want to solve it if one were not a computer scientist working in 
operating systems or computability theory. 

This discussion motivates the desire to see whether there also exist natural but un- 
decidable problems. In this chapter we will present some simple problems that on the 
surface seem to have nothing to do with Turing machines or WHILE programs, but that 
are undecidable since if they were decidable, then one could also decide the halting prob¬ 
lem. More generally, this technique is called reduction ; a common definition in terms of 
set membership problems is seen below. 

In part III we present yet another undecidable problem, concerning diophantine equa¬ 
tions (whether a polynomial equation possesses integer roots), that was among Hilbert’s 
list of problems, posed in 1900. It was finally shown to be undecidable, but only in 1970 
after years of effort by many mathematicians. 

Definition 10.1.1 Suppose one is given A Cl and B CY. Define A to be reducible 1 
to B if there is a total computable function / : X —> T such that for all xGl, we have 
x G A if and only if f(x) G B. 

Symbolically, we write this relation as A < B. □ 

rec 

Theorem 10.1.2 If A < B and B is decidable, then A is also decidable. Contraposi- 

rec 

tively, if A < B and A is undecidable, then B is also undecidable. 

rec 

Proof is immediate, as one can answer any question “x G AT' indirectly, by constructing 
f(x) and then testing whether f{x) G B. Since / is a total computable function and B 
is decidable, this describes an effective terminating process. □ 

1 More specifically: reducible by a many-one recursive reduction of A to B (other problem reductions 
exist, e.g. the polynomial-time ones used in later chapters.) 




An undecidable problem in string rewriting 155 



Figure 10.1: A < B if the question x G A? can be reduced to the question f(x) G B1 


rec 


10.2 An undecidable problem in string rewriting 

10.2.1 An undecidable problem in string rewriting 

A string rewriting (or semi-Thue 2 ) system over an alphabet E is a finite subset of E* x E*, 
i.e. a finite set R = ..., of pairs of strings where each u^Vi G E*. A 

pair (u,v) G R is called a rewrite rule or production. We often write u ::= v instead of 
(u,v) G R. An example with E = {A,a,b,c} is: 

R = {(A, a A a), (A,b Ab), (A, c), (A, aca)} 

or, equivalently, 

/? = { A :: = aAa, A::=bAb, A::= c, A::= aca} 

For a string rewriting system R over E, the one-step rewrite relation between strings 
in E* is defined by: 

rus => rvs iff u ::= v G R and r, s G E* 

In our example, for instance, 

A => aAa 

aAa => aaAaa 

aaAaa aacaa 


2 Named after the Norwegian mathematician Axel Time. 
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The multi-step rewrite relation or derivation relation is the transitive, reflexive closure 
of =>, defined for all r,g,/i G £* by: 

1. If g h then g h. 

2 . 9 =^* 9 for any g. 

3. If g r and r =>* h then g =^>* h. 

In our example, for instance, 

A A 

A aia 

A =^>* aacaa 

10.2.2 String rewriting: undecidability of derivability 

Theorem 10.2.1 The following problem DERIV is undecidable: given a string rewriting 
(or semi-Thue) system R over alphabet £ and two strings r, s G £*, to decide whether or 
not r =>* s. 

Proof. This is shown by reduction from the the halting problem for two-counter machines: 
HALT-2CM < DERIV. Recall that the instructions of a two-counter machine program 

rec 

must lie within the set 

{X := X+l, X := X-l, Y := Y+l, Y := Y-l, 
if X=0 goto £ else £', if Y=0 goto £ else £’} 

Explicit instruction labels are written for notational convenience. As running example 
we use program p that doubles its input x, with F as “end-of-execution” label: 

A: if X=0 goto F else B; 

B: X := X-l; 

C: Y := Y+l; 

D: Y := Y+l; 

E: if X=0 goto F else B 

We use reduction, showing that if the derivability problem were decidable, then the 
halting problem for two-counter machines would also be decidable. 

Suppose we are given a two-counter program p = Lp Ii • • • L m : I m with variables X 
(for input) and Y (initially zero), and natural number x as input. Begin by constructing, 
from program p and input x, the string rewriting system R of Figure 10.2. 

We will show that (p,x) G HALT-2CM if and only if R G DERIV. 
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R is constructed with alphabet 

£ = {#, 1} U { | 1 1 is an instruction} 

Notation: a store (£,u,v) containing control point and values u,v of variables X, Y will 
be represented by a configuration string of form C = l v in £*. 

The following is shown by an easy induction. Assertion : for any m, there is a com¬ 
putation p b Ci —> C m if and only if 

#l* Cl # ^ #C m# 

Consequently S #l w L m+1 T ; # for some u,v if and only if p terminates on input x. 
This implies S £ if and only if p terminates on input x, so if the derivability problem 
could be solved, one could also solve the halting problem, which we know to be unsolvable. 

□ 

Figure 10.3 shows the effect in the running example, with input x = 2. 



Figure 10.2: Construction of string rewrite system to simulate a two-counter program. 
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Common rules: 

Rules for instructions: 

S : 

FI : 

IF : 

#F# : 

: #11A 

F 

F 

: 5 

1A : 

#A : 

IB : 

#B : 

IB C : 

: #F D : 

C IE : 

: #C #E : 

D1 

El 

IB 

: #F 


Figure 10.3: Example of rewriting rules to simulate a two-counter program. 

10.3 Post’s correspondence problem 

Definition 10.3.1 Post’s correspondence problem PCP is defined as follows. Given 
a sequence of pairs P= (ui,Vi), (^ 2 ,^ 2 )?•••> (u n ,v n ) of nonempty strings over a finite 
alphabet £, the problem is to determine whether or not there exists an index sequence 
i \,... ,i m such that 

U i\ U i2 ' ' • U im ~ V i-2 ’ ' ’ V im 

For instance, the pair sequence (a,ab),(b,ca),(ca,a),(abc,c) has solution sequence 
1,2,3,1,4, with both sides above yielding 

u\U 2 usU 1 U 4 = (a)(b)(ca)(a)(abc) = abcaaabc 

= (ab) (ca) (a) (ab) (c) = viv 2 v^viv A 

On the other hand, one can verify that the sequence given by (a,ab), (b,ca), (ca,a), 
(ab,cc) has no solution sequence at all. 

A notational convenience: we will write Tin place of index sequence and 

and v? for (respectively) .. . ,u irn and ... ,Vi m - Given this the PCP can be 

restated simply as: does U? = v? for some 1 ? 

If u? z = v?, then we call 2 the remainder of over u?. 

Theorem 10.3.2 The Post correspondence problem is undecidable. □ 

We begin by reducing the derivability problem r =>* s for string rewriting system R 
to a restricted version RPCP of the PCP. Thus DERIV < RPCP, so the RPCP is 

rec 

undecidable. Afterwards, we show that DERIV < PCP, and so the general PCP is also 

rec 

undecidable. 

Although the constructions involved are simple, careful reasoning is needed to prove 
that they behave as desired. 
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Index i 

Ui 

Vi 

6 

A 

A 

7 

a 

a 

8 

b 

b 

9 

c 

c 

10 

# 

# 


Index i 

Ui 

Vi 

1 

# 

#A# 

2 

abcba#^: 

# 

3 

A 

aHa 

4 

A 

bAb 

5 

A 

c 


Figure 10.4: Example RPCP simulating a string rewrite system. 


Lemma 10.3.3 The rooted Post correspondence problem RPCP is undecidable: given 
P = (iq,rq), (u 2 ,v 2 ),. . •, (u n ,v n ) G X*, does there exist an index sequence i 1; ... ,z m such 


that ii 


1 and Ui ± Ui 2 


? 


Ui 


m 


Vi x V i2 


5 


Vi 


? 


m 


□ 


Construction for Lemma 10.3.3 to establish DERIV < RPCP. 

rec 

Suppose we are given a string rewriting system R= {(iqu), (V,P),...} of pairs of 
strings where each u,v G X*, and strings r, s in X*. Its derivability problem is to decide 
whether r =>* s. 

Construct the following RPCP problem P over alphabet SU{#} where # is a new 
symbol not in S; and («i,vi) = (#,#r#), and (u 2 ,v 2 ) = (s##,#): 


P= {(#,#?•#),(*##,#)} UJiU {(a,a) | aeSora = #} 


i=1 


i=2 


To distinguish the two sets of pairs R and P, we will use production notation u ::= v for 
R instead of writing (u,v) G R. Figure 10.4 shows the result of applying this construction 
to the rewriting system with X = {A. a,b, c}, r = A, and s = abcba, and rewrite rule set 


R = {A ::= a A a, A ::= bHb, A ::= c} 


The derivation A =>> aHa => abHba =>* abcba is modelled in Figure 10.4 by the sequence 
of pairs 1,3,10,7,4,7,10,7,8,5,8,7,10,2 with 


U 1 U 3 U 1o u 7 u 4U 7 U i o U 7 'u g U 5 U g U 7 'u 10 u 2 

^H^aHa^abAba# abcba#^4 = 

A44 aHa # a bAb a^abcba#^ = 

V 1 VsVioV 7 V4V 7 V 1 oV 7 V 8 V 5 VsV 7 V 1 oV2 □ 


Henceforth an index sequence i not containing 1 or 2 will be called internal. 
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Lemma 10.3.4 The following are equivalent for any t G E*. 

I. r t by the string rewrite system R 

II. uyctff = vir for some internal i 

III. Uizt 2 fft\ — ^ir for some t\R 2 with t = tp 2l and for some internal i □ 

Proof. 

I implies II. We show by induction on m that r => m t implies u\ztff = v\z for some 
internal i. The base case with m = 0 is r =^>* r, immediate with T= £ since (iq,xi) = 

(#>#r#). 

Now assume r => m + 1 t, so r xgy and xgy => xhy = t for some g ::= h E R. By 
induction, uizxgyff = viz for some internal i. Let x — a\.. .a^y = 6i... 6 e where each 
dj i b k G ^ • 

The remainder of v\z over uiz is xgy if] so to extend this partial solution, at least 
enough pairs (u,v) from P must be added to extend u\z by xgy. It is easy to see that 

Utfxhy# = u ir xgy#xhy # = v^xhy# = rqj 

by an appropriate index sequence extending the u and v strings: 

3 = iji---jdpki---k e q 

where indices j\ ...jd add pairs (a, a) that in effect copy x, index p of (g,h) adds g to the 
u string and h to the v string, indices k\...k q copy y by adding pairs (6,6), and index q 
of pair (#,#) adds the final ff to both. 

II implies III. This is immediate, with t 2 = t and t\ = e. 

III implies I is proven by induction, with inductive hypothesis IH(i) : for any t\,t 2 G 
£*, if u\rt 2 fft\ — v\z then r =>* t\t 2 . Clearly this and t = t\t 2 imply I. The base case is 
i = £, so we must show u\ t 2 fft\ = v\ implies r =^>* tit 2 . But 

#t 2 #h = U! t 2 #t 1 = v ± = #r# 

can only hold if t 2 = r and t\ = e. Thus t = t\t 2 = r, so r t is trivially true. 

Inductively, suppose IH{i) holds. Consider internal index sequence ij. We analyse 
by cases over the pairs (Uj , Vj ) G P. 
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Case 1: ( Uj , Vj ) = (/,g) where / ::= g G R. Then 
V'lij t’2 z H z t / i ^1 1 ft'2 z U z t i — ij — 

Now g G E*, so ti = wg for some ic, implying u\rft 2 #wg = vug. Removing g from both 
sides: Ui?ft 2 #w = V\^. 

By IH(i) (with w and ft 2 in place of t\ and t 2 ) we obtain r =>* wft 2 . Thus 
r w/t 2 => wgt 2 = M 2 
as desired. 

Case 2: (uj,Vj) = (c,c) where c G E. Then 
V'lij t'2 z ti z t 1 — 'U’iiCd'2 z i/ z t\ ^iij 

Now c G E, so £1 = wc for some ic, implying uirct 2 #wc = r’ire, and so uir^f^w = 

By 7iL(y) with w and ct 2 in place t\ and t 2 , we obtain r =>* iect 2 = M 2 as desired. 

Case 3: ( Uj , Vj ) = (#,#). Then 

V'lij t / 2 z tl z t 1 ‘Uli z ff z t2 z ff z ti — ^lij — 

This can only hold if t\ = £, and so implies = rqr- By induction this implies 

r =>* t 2 = M 2 = £, as required. □ 

Proof of Lemma 10.3.3. Let RPCP be constructed as above, given a string rewriting 
system R with derivability problem: to decide whether or not r s. By Lemma 10.3.4, 
r =>* s if and only if iqr-s# = tqr for some internal 1 . Clearly if r s the RPCP has a 
solution 172 since (^ 2 ,^ 2 ) = (s##,#) and so 

^1^2 — 'UlT — 'Viiff 1 — ^1T2 

Conversely, suppose the RPCP P has a solution, and consider a shortest 3 one, 1 , among 
these. The first index must be 1 (since it is a RPCP.) Further, for every proper prefix k 
of 1 not containing 2, there is exactly one more occurrence of symbol -#■ in v £ than in 
so 1 must contain 2. Let 1 = k2j. Then 

U r = U^S ##Uj = V £# Vj = v r 

3 If an RPCP (or PCP, for that matter) has one solution, then it has infinitely many, obtainable by 
concatenating as many shorter solutions as wished. 
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Index i 

Ui 

Vi 

1 

[•# 


2 

a»b»c* b*a*#*#* ] 

#•] 

3 

•A 


4 

•A 
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•A 

c« 

6 

•A 

A9 

7 

• a 

a • 

8 

•b 

b« 

9 

• c 

c« 

10 

•# 

#• 


Figure 10.5: Example PCP simulating a string rewrite system. 


implies urs## = (and uj = vf). Thus urs# = vr, which by Lemma 10.3.4 implies 

</ i/ 

r=>*s. □ 

Proof of Theorem 10.3.2. We actually show DERIV < PCP, by modifying the construe- 

rec 

tion of Lemma 10.3.3. Suppose we are given a string rewriting system R over alphabet 
E, and r, s G E*. 

Let new •,[,] be new “padding” and “grouping” characters not in E. For any x = 
ai<22 ... a n with each a* G E, define 


x = a\ • <22 • ... a n • and x = «ai • a 2 ... • a n 


Construct the PCP P' as follows, similar to P constructed for Lemma 10.3.3. 


P'= {([•#,[ *~r •) } U { ( #•#•],#•])} U 

{ 0 - / , 9^) I (/,flO e RU{(a,a) |a<E S or a = #} } 


The effect on the example of Figure 10.4 is seen in Figure 10.5. Proof that in general P 
has a rooted PCP solution if and only if P' has an unrestricted PCP solution is left to 
the exercises. □ 
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10.4 Some problems concerning context-free 

grammars 

Theorem 10.4.1 The following problem is undecidable: given two context-free gram¬ 
mars Gi = (Ni,Ti,Pi,Si) for i = 1 , 2 , to decide whether or not L(Gi) flL(G 2 ) = 0. 

Proof. This is shown by reduction from the PCP. Assume given a set of pairs 
(ui,ui), (^ 2 ,^ 2 ), ••• ? (w n ,v n ) in E* x E*. Assuming disjointness of all the involved sym¬ 
bols and alphabets 4 , we construct from this the two grammars, with N± = {Si,l£}, 


N 2 = {S 2 

11 

= t 2 = 

E U {1,2,.. 

. ,n,A} and production sets 


Pl-- 

= {*51 ::= 

- lEui 

| 2Eu 2 1 . 

nEu n } U {E 

= A 

lEui | 2Eu 2 1 

nEu n } 

P'2 = 

= {5 2 ::= 

- lFvi 

2 Fv 2 .. 

nFv n }\J{F::= 

: A 

lFvi | 2Fv 2 1 

nFv n } 


Clearly Si generates all strings of form i m .. .i 2 i\Aui x Ui 2 ... ,iq m , and S 2 generates all of 
form i m .. .i^iAv^v^ ... ,Vi m . Thus L(Gi) HL(G 2 ) 7 ^ 0 if and only if there there exists 
an index sequence G,... ,i m such that ... ,iq m = ... ,^ m . If it were possible 

to decide emptiness of L(Gi)nL(G 2 ) we could also decide the PCP, and so the halting 
problem for two-counter machines. But this, as we know, is undecidable. □ 

Theorem 10.4.2 The following problem CFAMB is undecidable: given a context-free 
grammar G= (7V,T,P, S), to decide whether or not G is ambiguous 5 . 


Proof. This is shown by reduction from the PCP. Given a set of correspondence pairs 
(Ti, Vi ),..., (u n ,v n ) over alphabet E, construct from this the grammar G= (A, E,P, S), 
with N = {S,Si, A, S 2 ,F} and production set P as follows 



Si :: 

= lEui | 2Eu 2 1 ... 

nFu n 

E :: 

= A lEux | 2Eu 2 1 

nEiii 

S 2 :: 

= lFvi 2Fv 2 1 ... 

nFv n 

F :: 

= A lFvi | 2Fv 2 1 

nFv n 


Clearly Si, $2 derive just the same strings they did in Gi and G 2 . Thus L(Gi)DL(G 2 ) 7 ^ 0 
if and only if the same string can be derived from both Si and S 2 . But this is true 

4 This can be ensured by renaming if necessary. 

5 See Appendix A for the definition if unfamiliar. 
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if and only if G is ambiguous (all derivations are necessarily left-most since at most 
one nonterminal is involved). As a consequence, decidability of ambiguity would imply 
decidability of context-free interesection, in conflict with the preceding theorem. □ 


Lemma 10.4.3 Given a sequence of strings U = (iq,!^, ... ,u n ) over alphabet E, the 
following set is generated by some context-free grammar Gjj = (Nu,T,Pu,Su) where 
T = {l,2,...,n,A}UE: 


{z m . . 


LL ~f~ 'U'ii 'LL%2 • • • 1 


Theorem 10.4.4 The following problem CFALL is undecidable: given a context-free 
grammar G = (7V,T,P, S'), to decide whether L{G) = T*. 


Proof. Again we begin with the PCP. Given a sequence of pairs (iq,ui),..., (u n ,v n ) over 
alphabet E, construct from this three context-free grammars 


1 . Gjj as by the preceding lemma with U = ('Uqiq, ... ,u n ) 

2. Gy as by the preceding lemma with V = (ui,U 2 ,... ,v n ). 


3. G 0 with L(G 0 ) = {xGf 


x is not of the form i m ... i 2 iiAuj 1 Uj 2 ... Uj k } 


It is easy (and an exercise) to see that Go exists, and in fact can be a regular grammar. 
It is also easy to construct from these a single context-free grammar G = (7V,T, P, S) with 

L(G) = L{G V ) U L{G V ) U L(G 0 ). 

Claim : L(G) ^ T* if and only if the PCP has a solution. To see this, sup¬ 
pose xGf but x £ L{G) = L(Gjj) U L{Gy) UL(Gq). Then x G T* \ L(Gq) implies 


x has the form x = z m .. .i 2 iiAuj 1 Uj 2 
im • • • 


• U 3k • 


Further, x e T* \ L(Gjj) implies x 




. Ui , and xgT \L(Gy) implies x 


im---i 2 iiAvi 1 Vi 2 ...Vi rn . Thus 


Lti 2 


.m 


m 


Vi x Vi 2 


• Vi , so the PCP has a solution. Similarly, if the PCP has an 


index sequence i\ 


• • 


,i m as solution, then 


x = im---i 2 iiAv il Vi 2 ...v irn g L(G) 


Thus L(G) ^T* if and only if the PCP has a solution, which is undecidable. 



Exercises 

10.1 Prove the “assertion” of Theorem 10.2.1. □ 
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10.2 Does the PCP with pairs (10,101), (10, Oil), (Oil, 11), (101, Oil) have a solution? 

□ 

10.3 Prove that the following problem is decidable : given a sequence of pairs 

(^ 2 , 1 ^ 2 ),• • •, (uk,Vk) of nonempty strings over a finite alphabet E, the problem is to 
determine whether or not there exist two index sequences and such 

that 

u h U i2 • • • Ui m ~ v jl v 32 • • • v jn 

Hint: the sets of left and right sides can be described by regular expressions. □ 

10.4 * Complete the proof of Theorem 10.3.2 by showing that P has a rooted solution if 
and only if P' has an unrestricted solution. Prove both the “if” and the “only if” parts. 

□ 

10.5 Prove Lemma 10.4.3: construct the required context-free grammar Gjj. □ 

10.6 Complete the proof of Theorem 10.4.4 (for example by showing that the set involved 

is recognizable by a finite automaton). □ 

10.7 Prove that it is undecidable, given two context-free grammars G,G', to determine 

whether L(G) C L(G'). □ 
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Part III 


Other Aspects of Computability The¬ 
ory 




11 Hilbert’s Tenth Problem 

(by M. H. S0rensen) 


11.1 Introduction 

In the introduction to this book we mentioned Hilbert’s famous list of open problems at 
the International Congress of Mathematicians in 1900. The tenth problem is stated as 
follows: 

Given a Diophantine equation with any number of unknown quantities and 
with rational integral numerical coefficients: to devise a process according 
to which it can be determined by a finite number of operations whether the 
equation is solvable in rational integers. 

In modern terms, the problem is to give an algorithm which for a polynomial equation 
with integer coefficients can decide whether or not it has a solution in integers. An 
equation of this form is called Diophantine , after the Greek mathematician Diophantus 
from the third century, who was interested in such equations. 

Hilbert’s Tenth problem is an example of a problem which is of independent interest in 
another field than computability theory, namely number theory. For instance, Fermat’s 
famous Last Theorem states that the equation 

(p+ l) n+3 + (q+ l) n+3 = (r + 1)”+ 3 

has no solution in natural numbers for p,g,r,n. Whether this is true has long been one 
of the most famous open problems in number theory. 1 For each fixed n, Fermat’s Last 
Theorem is an instance of Hilbert’s Tenth problem, provided we restrict solutions to 
the natural numbers—this restriction is not essential as we shall see shortly. Thus, an 
algorithm deciding for a Diophantine equation whether any solution exists in the natural 
numbers would prove or disprove Fermat’s Last Theorem for each fixed n. Conversely, 
it has later been realized that unsolvability of Hilbert’s Tenth problem would imply 
unsolvability of many other decision problems in number theory and analysis. 

1 Wiles has recently given a proof of Fermat’s last Theorem which seems to be widely accepted, see 
Annals of Mathematics, May 1995. 
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From the proof of Godel’s famous theorem [54] it follows that every recursively enu¬ 
merable set A can be defined by a Diophantine equation preceded by a finite number of 
existential and bounded universal quantifiers. In his doctoral dissertation, Davis [32, 33] 
showed that all but one of the bounded quantifiers could be eliminated. Hence, any recur¬ 
sively enumerable set A can be defined by a Diophantine equation E(x,y,z,x i,...,x n ,) 
as follows: 

x e A<^ =k/,Vz < y,=hi,...,=h n : E(x,y,z,xi,...,x n ) 

This form of definition was subsequently called Davis Normal Form. 

To prove that Hilbert’s Tenth problem is unsolvable it remains to eliminate the single 
bounded universal quantifier; that is, to show that any recursively enumerable set A can 
be defined by a Diophantine equation E(x,Xi ,... ,x n ) thus: 

x G A Ehi,..., 3x n : E(x,x i,... ,x n ) 

Indeed, if A is any recursively enumerable, non-recursive set, then an algorithm deciding 
for any x whether E(x,x i,...,x n ) has a solution, i.e., whether there are aq,...,x n such 
that E(x,x i,... ,x n ) holds, would also yield a method to test membership in A, which is 
impossible. 

While Davis showed how to simplify the form of equations necessary for defining all 
recursively enumerable sets, Robinson [153] attacked the problem from the other side. She 
showed that several sets could be defined by Diophantine equations. She also studied 
so-called exponential Diophantine equations, which allow unknowns in the exponents, 
and in particular showed, under what is now known as the Julia Robinson hypothesis , 
that any set definable by an exponential Diophantine equation is also definable by a 
Diophantine equation. 

Davis and Putnam finally managed to eliminate the last bounded quantifier from the 
Davis Normal Form using the Chinese remainder Theorem and Robinson’s exponential 
Diophantine equations. The result, sometimes called the Bounded Quantifier Theorem, 
states in its original form that, if there are arbitrarily long arithmetic progressions con¬ 
sisting entirely of primes, then every recursively enumerable set can be defined by an 
exponential Diophantine equation. Robinson subsequently managed to eliminate the as¬ 
sumption regarding primes (which is still open) and simplify the proof. The resulting 
joint paper by Davis, Putnam, and Robinson [38] stating that every recursively enumer¬ 
able set can be defined by an exponential Diophantine equation is now a classic. 

It follows from Robinson’s earlier result that to prove the unsolvability of Hilbert’s 
Tenth problem, it is sufficient to prove that the Julia Robinson hypothesis is true. This 
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remained an open problem, believed by many to be false, until it was proved ten years 
later in 1970 by the young Russian mathematician Matiyasevich [116]. 

In this chapter we give an account of the unsolvability of Hilbert's Tenth problem, 
leaving out the details of Matiyasevich’s result. The first section introduces exponen¬ 
tial Diophantine equations. The second section develops certain tools that are used in 
the third section to prove the Davis-Putnam-Robinson Theorem. The fourth section 
considers Hilbert’s Tenth problem. 

11.2 Exponential Diophantine equations and sets 

We begin by making the notions of the introduction precise. As is customary we shall 
be concerned with solutions in natural numbers rather than in integers. We also show 
that this is an inessential modification. 

Definition 11.2.1 

1. A function f : TV n —»IN is exponential polynomial if it can be written 

5 * * ‘ 

where t is defined by the following grammar with 1 < i < n and N G TV: 2 

t ::= Xi | N | ti • t 2 | ti + t 2 | ti — t 2 1 1\ 2 

2. An equation /(aq,... ,x n ) = 0 is exponential Diophantine if / is exponential poly¬ 
nomial. A solution is a tuple (oq,... ,a n ) G TV n with /(aq,... ,a n ) = 0. 

3. A set A C IN 71 is exponential Diophantine if there exists an exponential polynomial 
/ : TV m+n -> TV such that 

(oq,..., a n ) G A < t = 7 > 3.x\,..., 3x m . f (a \,..., a n , x \,..., ) — 0 

4. An exponential polynomial not using the last clause for t is a polynomial. Diophan¬ 

tine equations and sets are defined by polynomials, like exponential Diophantine 
equations and sets are defined by exponential polynomials. □ 

A few examples illustrating the definition may be useful. 

2 The construction t^ 2 may lead outside the integers, e.g., x 1 ~ y with x = 2 and y — 2. Such situations 
will be tacitly avoided in what follows. 
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Example 11.2.2 

1. The function 

/(#, y, z) = 3x + 5 xy — 71 z 5 

is a polynomial, where we write z 5 instead of z ■ z ■ z ■ z ■ z. Therefore, 

3x + bxy — 71z 5 = 0 

is a Diophantine equation, and the set of all natural numbers x such that there 
exists y,z with 3x + 5xy — 71z 5 = 0 is a Diophantine set. 

2. The function 

f(x,y) = x-2y 

is a polynomial, so 

x — 2y = 0 

is a Diophantine equation. Therefore the set of all even numbers is Diophantine; 
indeed, it is the set of all natural numbers x such that there exists a y with x — 2y = 
0, i.e., x = 2y. 

3. The function 

f(p, Q, r,n) = (p+ l) n+3 + (q + 1)”+ 3 - (r +1)"+ 3 

is an exponential polynomial. Hence, 

(p+ l) n+3 + (q+ l) n+3 - (r + l) n+3 = 0 

is an exponential Diophantine equation. Therefore the set of all x,y,z > 0 such 
that for some k > 3, x k -\-y k = z k , is exponential Diophantine. □ 

In the introduction Diophantine equations had integer solutions, but in the preceding def¬ 
inition their solutions were natural numbers. However, the problem of deciding whether 
an arbitrary (exponential) Diophantine equation has solution in integers is equivalent to 
the problem of deciding whether an arbitrary (exponential) Diophantine equation has 
solution in natural numbers. 

To reduce the former problem to the latter, note that there is a solution in integers 
to the equation 

f(X! ,,..,X n ) =0 

if and only if there is a solution in natural numbers to the equation 

f(Pl-qi,---,Pn-Qn) = 0 
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For the opposite reduction, recall that any natural number can be written as the sum 
of four squares (see, e.g., the appendix to [123]). Hence, there is a solution in natural 
numbers to the equation 

f(xi =0 

if and only if there is a solution in integers to the equation 

f(p 2 i+Q 2 i+rl+s 2 1 ,...,p 2 n + ql+rl+s 2 n ) = 0 

In conclusion, we have simplified the problem inessentially by considering only natural 
number solutions. 

In a similar vein, we may allow equations of form 

f (%1 %n) — dilJl Vm) 

where g(?/i,... ,y m ) is not simply 0, since this is equivalent to 

f{xi,...,x n )-g(yi,...,y m ) = 0 
We may allow conjunctions of equations 

f(xi,...,x n ) =0/\g(yi,...,y m ) =0 

since this conjunction of equations has a solution if and only if there is a solution to the 
ordinary equation 

f(x 1 ,...,x n )-f(x 1 ,...,x n ) + g(y 1 ,...,y m )-g(yi,...,y m ) = 0 
Similarly we may allow disjunctions of equations 

f(xi,...,x n ) =0Vg(yi,...,y m ) = 0 

since this disjunction of equations has a solution if and only if there is a solution to the 
ordinary equation 

f(x 1 ,...,x n )-g(y 1 ,...,y m ) =0 

11.3 Encoding of finite sequences 

We shall give a proof of the Davis-Putnam-Robinson theorem using encodings of counter 
machine computation executions. The idea will be clearer in the next section. Here it 
suffices to note that for this purpose it will be necessary to have available a means of 
expressing facts about objects in a sequence of finite, but unknown, length. 
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There are several such techniques available. The best known, first employed by 
Godel [54], uses the Chinese Remainder Theorem. In the present setting this technique 
has the disadvantage that it makes it rather hard to express certain necessary opera¬ 
tions as exponential Diophantine equations. Therefore another technique was invented 
by Matiyasevich [118], which we present in this section. 

Definition 11.3.1 For a,6E IN , let 

U U 

a = y ^a l 2 i (0 < a* < 1), 6 = ^6*2* (0 < b t < 1) 

i =0 *=0 

The bitwise less-than relation a^b is defined by: 

a ■< b Vz G {0,... ,n} : a* < bi □ 

The rest of this section is devoted to showing that a A b is an exponential Diophantine 
relation, i.e. , that 

{(a, b) e IN x IN \a^b} 

is a Diophantine set according to Definition 11.2.1. We prove this using two lemmas. 

The first lemma is due to Robinson [153], and the proof is a modification of Robinson’s 
proof due to Matiyasevich [120]. 

n\ 

-k)!k! 

(k) is exponential Diophantine. 

Proof. First, the less-than relation is exponential Diophantine, since 

a<b<=>3x:a + x + l = b 

Second, let [N]^ be the k’th digit of N written in base B. For instance, since 5 in base 
2 is 101 and we count from the right starting from 0, we have 

[5]| = [5]o = 1 

and 

[5]! = [5] i = 0 

The relation d = [N]^ is exponential Diophantine since 

d= [N}% ^3c,e:N = cB k + 1 + dB k + eAd<BAe<B k 


Lemma 11.3.2 Define for k < n, 

n\ 

k) (n - 

and let (?) = 0 when k > n. The relation m = 
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Finally, by the binomial theorem 

(B+l)” = E(”)b‘ 

/c—0 

Note that is the Afth digit of (B + l) n written in base B , provided (™) < B for all 
k. This, in turn, holds if B > 2 n (see the exercises). Hence, m = Q) is exponential 
Diophantine: 

m = (ffj <^>3B:E = 2 n + lAm= [(B + l) n ]f □ 

The second lemma necessary to prove that the bitwise less-than relation is exponential 
Diophantine involves a bit of elementary number theory, which has been banished to the 
exercises. 

Lemma 11.3.3 n^k<^ (™) is odd 

Proof. See the exercises. □ 

Proposition 11.3.4 The bitwise less-than relation is exponential Diophantine. 

Proof. The relation m = (Jfj is exponential Diophantine by Lemma 11.3.2. The relation 
u m is odd” is also exponential Diophantine: 

m is odd 3x : m = 2x + 1 

Hence, the proposition follows by Lemma 11.3.3. □ 

If a ■< b then a is also digitwise less than b using any other base H, provided the base is 
a power of 2. The converse does not generally hold; it may be that B is a power of 2, 
a is digitwise less than b in base H, and yet a ^ b. However, if B is a power of 2, a is 
digitwise less than b in base H, and all the digits of b in B are 0 or 1, then also a ^b. 
All this is perhaps best explained with an example. 

Example 11.3.5 For instance, 34 ^ 43, as can be seen from the first two rows in Fig¬ 
ure 11.1. Moreover, 34 is also digitwise less than 43 with base 4, as can be seen from the 
last two rows in the figure. The reason is that every group of two coefficients x • 2 ?+1 -\-y • 7f 
in the base 2 representation is packed into a single coefficient x-2 + y in the base 4 rep¬ 
resentation. If, in the base 2 representation, all bits in a number are less than or equal 
to those in another number, then the same holds in the base 4 representation; that is, if 
Xi < x 2 and y x < y 2 then oq • 2 + y 1 <x 2 -2 + y 2 . 
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43 = 

= 1 • 2 5 + 0 • 2 4 

+ 

1 • 2 3 + 0 • 2 2 

+ 

1 • 2 1 + 1 • 2° 

34 = 

= 1 • 2 5 + 0 • 2 4 

+ 

0 • 2 3 + 0 • 2 2 

+ 

1 • 2 1 + 0 • 2° 

43 = 

= 2 • 4 2 

+ 

2 • 4 1 

+ 

3-4° 

34 = 

= 2 • 4 2 

+ 

0 • 4 1 

+ 

2-4° 


Figure 11.1: Digitwise comparisons in base 2 and 4- 


43 = 

= 1 • 2 5 + 0 • 2 4 

+ 

1 • 2 3 + 0 • 2 2 

+ 

1 • 2 1 + 1 • 2° 

18 = 

= 0 • 2 5 + 1 • 2 4 

+ 

0 • 2 3 + 0 • 2 2 

+ 

1 • 2 1 + 0 • 2° 

43 = 

= 2 • 4 2 

+ 

2 • 4 1 

+ 

3-4° 

18 = 

= 1 • 4 2 

+ 

0 • 4 1 

+ 

2-4° 


Figure 11.2: More digitwise comparisons in base 2 and 4- 


On the other hand, 18 is digitwise less than 43 in base 4, but 18 ^ 43, as can be 
seen from Figure 11.2. The reason is that a group of two coefficients x\ • 2 2+1 -\-yi -2 l 
in the base 2 representation of a may fail to be digitwise less than the corresponding 
two coefficients x 2 -2 2+1 H- 7/2 * in the base 2 representation of 6, even if it holds that 
x\ • 2 + yi < X 2 • 2 + V 2 - For instance, this happens if X\ < X 2 and y\ > y 2 - 

However, if all the coefficients in the base 4 representation are 0 or 1, i.e., x\ and X 2 
are 0, then this cannot happen. □ 


11.4 


The Davis-Putnam-Robinson Theorem 


In this section we show that any recursively enumerable set A is exponential Diophantine. 
As mentioned in Section 11.1, the result is due to Davis, Putnam, and Robinson [38]. 
The present proof is due to Jones and Matiyasevich [74], and is somewhat more in the 
spirit of this book than the original recursion-theoretic proof. 

Any recursively enumerable set A can be represented by a counter machine p in the 
sense that that x G A iff [[p]] (x) terminates. This follows from the fact that counter ma¬ 
chines can express all partial recursive functions. The idea, then, is to formalize the execu¬ 
tion of any counter machine p by an exponential Diophantine equation f(x, z 1 ,..., Zk) = 0 
such that [[pj(x) terminates iff f(x,zi,... ,£&) = 0 has a solution. 


• • • 
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Before proceeding with the general construction it will be useful to review an example, 
taken from [156], which illustrates how this is done. 

Example 11.4.1 Consider the following counter machine p: 

Ii : ifXl = 0goto4; 

I 2 : XI := XI — 1; 

1 3 : ifX2 = 0gotol; 

1 4 : stop 

We assume that every subtraction command I/: X:=X-1 is preceded by a command 

X=0 goto k. We also assume that for every conditional Ip if X=0 goto k, Ifc 
is not a subtraction command. This implies that a counter will never be decremented 
below 0. We write a stop command at the end of the program, and assume that all 
counters have value 0, when the program terminates. These assumptions present no loss 
of generality. 

Recall that the input is stored in counter X x . If the input to p is 2, then the com¬ 
putation has length 7, (we count a single-step computation to have length 0), and the 
following commands are executed in order: 

1,2,3,1,2,3,1,4 

The whole execution, including information about values of counters and the current 
program point, can be represented by the matrix in Figure 11.3. 


7 

6 

5 

4 

3 

2 

1 

0 = 

= t 

0 

0 

0 

1 

1 

1 

2 

2 = 

= X ljt 

0 

0 

0 

0 

0 

0 

0 

0 = 

= x 2i t 

0 

1 

0 

0 

1 

0 

0 

1 = 

= Kt 

0 

0 

0 

1 

0 

0 

1 

0 = 

= * 2 ,f 

0 

0 

1 

0 

0 

1 

0 

0 = 

= h,t 

1 

0 

0 

0 

0 

0 

0 

0 = 

- H,t 


Figure 11.3: Representation of execution of counter machine. 


The two x-rows represent the values of the two counters before step £, counting the first 
step as step 0. For instance, Xi has value 2 before step 0 and 1, so x \,o and xpi are both 
2. X]_ has value 1 before step 2, 3, and 4, so X 1 . 2 , x 1>3 , and X 1.4 are all 1. The i-rows 
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express which command is executed in step t. For instance, in step 0, command 1 is 
executed, so is 1, and in step 2 command 3 is executed, and therefore is 1. 

Instead of representing the values of, say Xi, by a row of numbers, we can pack the 
information into a single number 

y 

J2 X i’ tbt 

t =o 

where y = 7 is the length of the computation and b is a number larger than all the 
numbers in the matrix. With this idea the whole matrix becomes the system of equations 
in Figure 11.4. 


0 • b 7 + 

0 

b e + 

0 

b 5 + 

l-b 4 + 

1 

h 3 + 

1 • b 2 + 

2 ■b 1 + 

2 -b° = 

= X! 

0 -b 7 + 

0 

b 6 + 

0 

b 5 + 

0 -b 4 + 

0 

h 3 + 

0 • b' 2 + 

0-&! + 

0 • b° = 

= %2 

0 -b 7 + 

1 

b 6 + 

0 

b 5 + 

0 -b 4 + 

1 

h 3 + 

0 • b 2 + 

0 ■b 1 + 

1 • b° = 

= k 

0 -b 7 + 

0 

b 6 + 

0 

b 5 + 

1 -b 4 + 

0 

h 3 + 

0 • b 2 + 

1 ■b 1 + 

0 -b° = 

= ^2 

0 -b 7 + 

0 

b 6 + 

1 

b 5 + 

0 -b 4 + 

0 

h 3 + 

1 • b 2 + 

0-^+ 

0 -b° = 

= ^3 

1 -b 7 + 

0 

b 6 + 

0 

b 5 + 

0 -b 4 + 

0 

b 3 + 

0 • b 2 + 

o-r+ 

0 • b° = 

= U 


Figure 11.4: Numeric representation of execution of counter machine. 


Thus every computation of p on some input x can be represented by certain values 
of x,X!,X 2 ,ii,... ,H,y,b. These values satisfy certain properties corresponding to the 
details of the computation. For instance, in all executions of p command 2 is followed by 
execution of command 3. Thus in Figure 11.4 whenever W has coefficient 1 in Z 2 ? has 
coeffient 1 in 23 . This is a purely numerical relationship between the values of 22 and 23 . 
These relationships can be expressed as a set of equations such that every computation 
of p on some input gives a solution to the equations, and every solution to the equations 
correspond to a computation of p. □ 

The idea, in general, is now to translate any counter machine p into an exponential Dio- 
phantine equation such that if [[p]] ( x ) terminates, then the details of the computation— 
the number of steps, the values of the counters, etc.— give a solution to the equation, 
and conversely, for every solution of the equation, there is a corresponding terminating 
computation. 

Theorem 11.4.2 Every recursively enumerable set A is exponential Diophantine. 
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Proof. Let A be any recursively enumerable set and p be a counter machine such that 
x G A iff Jp]](x) terminates. Suppose p has form 

p = Ii...I n (with counters Xi,...,X m ) (11.1) 

We now derive an exponential Diophantine equation 

,/(*F X \,..., Xm 5 A 5 i 'ini Vi F) 0 (11.2) 

such that 


[pj(x) terminates (11.2) has a solution 



More precisely we derive 12 equation schemes which can be combined into a single con¬ 
junction using the technique in Section 11.2. 

1. First of all, we need a base b for the representation in Figure 11.4. Recall that b 
must be larger than all the coefficients in order for the representation to be correct. Since 
the initial value of counter Xi is x and the other counters are initialized to 0, no counter 
value can exceed x + y where y is the number of steps of the computation. Therefore, 



2 x+y+n 



is large enough. We shall need later two additional facts about 6, both satisfied by the 
above choice: that b is a power of 2 and that b> n. 

2. It will be convenient to have a number whose representation in base b is a string 

of length y consisting entirely of Fs. This is the number b y ~ l 4- \-b-\-l. This number 

satisfies the equation 

1 + bU = U + b y (2) 

and it is the only number satisfying the equation; indeed, if U = ( b y — l)/(b—l) then 

U = b y ~ 1 + --- + b+ 1. 

3. It will be necessary later that the coefficients in Figure 11.4 are all strictly smaller 
than b/2. This is enforced by the following equations. 

Xj <{b/2-l)U (j = 1,... ,m) (3) 

Indeed, if Xj is less than ( b/2 — 1 )U bitwise, then the same thing holds digitwise in base 
6 , since b is a power of 2 (see Example 11.3.5). But the digits in (b/2 — 1)U in base b are 
exactly b/2 — 1. 

/,5. In each computation step of p, exactly one command is executed. This is 
expressed by the following equations. 
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n 

u=y j u ( 5 ) 

1=1 

The first equation states that in the binary representation of the two numbers, all the 
coefficients of q are smaller or equal than those of U. Since b is a power of 2, and all the 
coefficients of U are 1, this is the same as requiring that in base b, all the coefficients of 
ii are smaller or equal than those of U, i.e., are 0 or 1 (see Example 11.3.5). That is, in 
terms of Figure 11.4, all coefficients in ii are 0 or 1. 

The second equation similarly expresses the fact that in every q-column in Figure 11.4 
there be exactly one coefficient which is 1. For this it is necessary that no carry occur in 
the summation, and this is guaranteed by the fact that b > n. 

6,7. In any computation with p, the first and last step are to execute command Ii 
and I n , respectively. This is expressed as follows. 


1 +i± 

(6) 

= b y ~ l 

(7) 


The first equation expresses that the rightmost coefficient of i\ in Figure 11.4 is 1. The 
second states that the leftmost coefficient in i n is 1. 

8. After executing a command 1/ which is either a subtraction or an addition, the 
next instruction should be I/+i. This is expressed as follows. 

bii + ik + ii+i (for all l with If. X:=X-1 or X:=X-l) (8) 

The equation states that in Figure 11.4, if the coefficient of in i/ is 1, then the coefficient 

of 5 J+1 should be 1 in q+i- Note how the multiplication with b represents a move to the 
left in Figure 11.4. 

9. After executing a conditional I/:if Xj = 0 goto k the next instruction should be 
either 1^ or I/+i. This is expressed as follows. 

bii + ik T b+i (for all l with If.if Xj= 0 goto k) (9) 

The equation states that in Figure 11.4, if the coefficient of fr 7 in ii is 1, and 1/ is the 

command if Xj= 0 goto k, then the coefficient of 5- 7+1 should be 1 in q+i or ik (where 
l + l by assumption). 

10. Whenever executing a command Ipif Xj= 0 goto k, the next command should 
be Ik if Xj is 0, and I/ +1 otherwise. This is expressed as follows. 

bi[ ^ ii+i + U — 2xj (for all l with Ipif Xj= 0 goto k) 


( 10 ) 
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To see this, suppose that Xj = 0 before, and hence also after, step k, i.e., 

Xj = ... + 0- b k+1 + 0-b k +... 

Then 

2xj = ... + 0-b k+1 + 0-b k + ... 

Here we made use of the fact that all coefficients are smaller than 6/2, so that no bit of 
the coefficient of b k ~ l is shifted into the coefficient of b k by the multiplication with 2. 
Hence, the subtraction U — 2xj looks as in Figure 11.5. 


u 

= 1 • b y ~ 1 + ••• + 

1 • b k+1 

+ 

1 • b k 

+ ... 

to 

<■0. 

II 

= ••• + 

0 • b k+1 

+ 

0 • b k 

+ ... 

to 

H 

II 

= ••• + 

1 ■ b k+1 

+ 

• • • 



Figure 11.5: U — 2xj when Xj =0. 


The subtraction may require borrowing from the coefficient 1 of b k in U, but not from 
the coefficient 1 of 6 fc+1 in U since the coefficent of b k in 2 xj is 0. Now, since 

bii = ... + 1 • 6 fc+1 + ... 

(10) holds iff the rightmost bit in the coefficient to 6 fc+1 in q+i is 0, i.e., iff 

ii+i = ... + 0-6 fc+1 + ... 

i.e., iff the next command is not I/+i. By (9) the next command must then be 1^, as 
required. This covers the case Xj = 0. 

If, on the other hand, Xj > 0 before and hence also after step k, i.e., 

Xj = ... + n • b k+1 + n-b k + ... 

Then 

2 Xj = ... + 2n • b k ~ kl + 2n • b k + ... 

Then the subtraction U — 2xj looks as in Figure 11.6. 

Again we made use of the fact that n < 6/2 so that no bit is shifted from one coefficient 
to another by the multiplication with 2. Here the subtraction of the coefficients to 6 fc_1 
may or may not require borrowing, but the coefficients to b k and 6 /c+1 definitely do need 
borrowing. Now the coefficient b — 2n to 6 /,:+1 in U — 2xj is even, whereas 

bi t = ... + 1 • b k+1 + ... 
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b 

b 

u -i -by- 1 + • 

.. + f.b k + 2 + 

y-b k+1 

+ 1 -b k + ■■■ 

2xj 

+ 

2n-b k+1 

+ 2 n-b k + • • • 

U — 2 Xj = 

+ 

(6 — 2n) • b k+1 

+ 


Figure 11.6: U — 2xj when Xj > 0. 


so (10) holds iff the rightmost bit in the coefficient to b k+1 in q+i is 1, i.e., iff 

ii+! = ... + l- 6 fe+1 + ... 

i.e., iff the next command is I/+i, as required. 

11,12. It remains to express the fact that addition and subtraction instructions should 
modify the contents of the counters appropriately. Let A(j) and S(j) be the set of labels 
l such that the command 1/ is Xj : =Xj +1 and Xj :=Xj- 1, respectively. This is done by the 
following equations. 

x 1 =x + b(x 1 + ^ ii- ^2 (11) 

leA(i) ies( l) 

Xj = b(xj-\- k~ k) (j = 2,...,ra) (12) 

ieA(j) ies(j) 

Indeed, consider (11). The sum a num ber whose base b representation has 

1 for every coefficient k where the k‘t h step in the execution of p is Xi:= Xi + 1. Similarly 
with the other sum. (11) now states that if Xi is n before the k ’the step, and the 
instruction executed in the k’th step is an addition, then Xi is n+1 before the fc + l’th 
step. For example, consider Figure 11.7. 

In this example there is only a single addition to Xi during the whole execution, namely 
in step 1, and a single subtraction in step 4. Before step 1, X x has value x, hence after 
it has value x-\- 1. Similarly with subtractions. This can be expressed by requiring that 
if we add x\ to the sums SzeA(i)^ an d — SzeS(i)^ an d shift the result one position to 
the left, then the coefficients should match those in x\. Note that multiplication with b 
does not lead to overflow since it is assumed that all counters are 0 at the end. 

Equation (12) is identical to Equation (11) except that the initial contents of Xj is 0 
rather than x, for j = 2,... ,m. The whole set of equations is collected in Figure 11.8. It 
is now a routine matter to verify that the claim (11.3) is indeed true. □ 

Corollary 11.4.3 There is no algorithm that can decide for an exponential Diophantine 
equation whether or not is has a solution in natural numbers. 
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6 

5 

4 

3 

2 

1 

0 

step 

X 

X 

x + 1 

x + 1 

x + 1 

X 

X = 

= Xi 
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0 

0 

0 

0 

1 

0 = 

- ^2ieA( i)ii 

0 

0 

1 

0 

0 

0 

0 = 

= J2ies( i)ii 

X 

X 

X 

x + 1 

x + 1 

x+1 

x = 

- x i + J2ieA(i) ii ~ ^2ies(i) ^ 

X 

X 

x + 1 

x + 1 

x + 1 

X 

X = 
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Figure 11.7: Representing additions and subtractions. 


(i) 

2 x+y+n 



(2) 

1 + bU = U + b y 



( 3 ) 

Xj ^ (b/2-l)U 

c? = 

= 1,... ,m) 

( 4 ) 

k<u 

(/ = 

: 1,... ,n) 

( 5 ) 

u = T,?-iU 
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Figure 11.8: Representation of execution of counter machine. 


Proof. Let A C TV be a recursive enumerable, non-recursive set (recall that such sets 
do exist). By the Davis-Putnam-Robinson Theorem there is an exponential Diophantine 
equation /(x,+l, ... ,z n ) = 0 such that 


x G A 4=> f(x,Zi,.. .,z n ) = 0 has a solution 


Since we can construct effectively the equation /(x,zi ,... ,z n ) = 0 given x it follows that 
an algorithm to decide for each x whether f(x,zi,...z n ) has a solution would imply a 
decision procedure for A , which is impossible since A is non-recursive. □ 
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11.5 Matiyasevich’s Theorem and Hilbert’s Tenth 

problem 

In this section we briefly show that Hilbert’s Tenth problem is unsolvable, leaving out 
almost all details. As mentioned, the following theorem, due to Matiyasevich [116], was 
the final step in solving Hilbert’s Tenth problem. 

Theorem 11.5.1 The relation u = v w is Diophantine. 

Proof. See, e.g., [123]. □ 

Corollary 11.5.2 Every recursively enumerable set is Diophantine. 

Proof. By the Davis-Putnam-Robinson Theorem, there exists for every recursively enu¬ 
merable set A an exponential Diophantine equation f(x,Z\,... ,z n ) = 0 such that 

x G A&3zi,...,3z n : f(x,zi,...,z n ) = 0 

By Matiyasevich’s theorem there is a Diophantine equation e(u,v,w,yi,... ,y m ) = 0 such 
that 

u = v w &3yi,...,3y m : e(u,v,w,yi,...,y m ) = 0 

Therefore every occurrence in f(x,zi,...,z n ) of t t2 can be replaced by a variable u. 
We must then add to the original equation /(x,zi,... ,z n ) = 0 the new equations v = ti, 
w = t 2 , and e(u,v,w,yi,... ,y m ) =0. These can all be combined into a single Diophantine 
equation using the technique in Section 11.2. □ 

The following corollary then shows that Hilbert’s Tenth problem is unsolvable. 

Corollary 11.5.3 There is no algorithm that can decide for a Diophantine equation 
whether or not is has a solution in natural numbers. 

Proof. Similar to the proof of Corollary 11.4.3 using the preceding corollary. □ 

Exercises 

11.1 Show that the non-strict less-than relation a < b is Diophantine. □ 

11.2 Show that the set of numbers that are not powers of 2 is Diophantine. □ 
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11.3 Show that the set of numbers that are not prime is Diophantine. 


□ 


11.4 * Prove that for all n G IN and all k G {0,... ,n} 


n 

k 


< 2 


n 


Hint : For a real number r let [r] denote the smallest integer larger than r, and let [r] 
denote the largest integer smaller than r. For instance, |_7/2J = |_6/2J = 3 and [7/2] = 
[8/2] =4. Then proceed by induction on n splitting into the cases: 

1. k = n; 

2. 0 <k< |_n/2j; 

3. [n/2] < k <n. 

In the last case use the fact that 


n 

k 


The following rules may also be helpful: 

n/[n] 


n 


n 


k 


< 2 


[n] — 1 < [n] 


□ 


The following is adopted from [156]. For a different proof of Lemma 11.3.3, see [74]. 


11.5 * Prove that 


n 


k -< n I _ I is odd 

k 


Hint : Prove the assertion for the cases k> n, k = n, and k < n. In the last case proceed 
in the following steps. 


1. Let m = Yli= (th e right hand side is the binary representation of m), and 


define 


ONE(m) 

EXP(m) 


the number of Is among mo,... ,m/ 

the exponent of the highest power of 2 dividing m 


EXP(m) is the same as the index in {0,..., /} of the rightmost 1 among mo,..., m/ 
For example, since 76 in binary is 1001100, ONE(76) = 3, EXP(76) = 2. 

2. Prove that m is odd iff EXP(m) = 0. 
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3. Prove that EXP(m!) = m-ONE(m) by induction on m. 

In the induction step consider the cases: m is even, and m is odd, and use in the 
latter case the fact that EXP(m+ 1) = ONE(ra) — ONE(ra+ 1) + 1. 


4. Prove that 


EXP 


ONE (k) + ONE(n - k) - ONE(5) 


5. Now let n = 2 2 and k = ^!=n^2h Prove that \/i\ki< ni implies 


EXP 


and hence the left-to-right direction in the overall assertion follows 
6. For the right-to-left direction prove that if 3i : ki > ni then 


EXP W >0 

as follows. Let i be the smallest index such that 0 = n* < ki 
a}? Prove that 


1. Let Nj 


kj — [b 


nj 


rii(= 0) 

Ehi n 


= ^ 

< (2 =)N 


for all j < i 


j+l U 3 - 1 + D 


N- 

3 +1 ^ 


and conclude that 


ONE(fc) + ONE(n - k) = ONE(n) = ^ Nj — n 3 > 0 

j=o 


which gives the right-to-left direction. 


References 

As mentioned, Hilbert’s Tenth Problem was presented at the International Congress of 
Mathematicians in 1900. While it was not actually stated during his lecture, it appeared 
in the published version, see Reid’s biography [150]. 

Several papers by Davis, Putnam, and Robinson were mentioned in Section 11.1. 
Another classic recursion-theoretic presentation of the unsolvability of Hilbert’s Tenth 
problem, with a historical appendix and more references, is due to Davis [35]. 

In Section 11.1 we also mentioned several papers by Matiyasevich. For more refer¬ 
ences and much more information about all aspects of Hilbert’s Tenth problem, consult 
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Matiyasevich’s book [123]. The book discusses many applications; it infers from unsolv¬ 
ability of Hilbert’s Tenth problem the unsolvability of several other problems in number 
theory and analysis. Its sections with commentaries at the end of each chapter give many 
historical details. 

In several places we have adopted technical and stylistic improvements from the recent 
books by Floyd and Beigel [47] and Rozenberg and Salomaa [156]. 





12 Inference Systems and Godel’s 
Incompleteness Theorem 


Inference systems have proven themselves very powerful for defining logical systems, in 
programming languages for defining operational semantics and type systems, and in many 
other applications as well. The main purpose of this chapter is to understand exactly 
what the limits are to their expressivity. 

In Computer Science , an important application is to define a programming language’s 
semantics: a systematic way to assign a meaning to every program in the language, thus 
specifying precisely the possible effects that can be realized by any program 1 . 

Inference systems originated in Mathematical Logic , for the purpose of making a pre¬ 
cise formulation of mathematical reasoning, for example proofs in geometry from Euclid’s 
axioms. A concrete “formal system” is often presented by beginning with definitions of 
some syntactic categories and then by presenting inference systems for reasoning about 
them. Examples of syntactic categories might be Terms T, Formulas F, Assumptions T, 
and Judgments T \~ F. Such a judgment usually has an intuitive reading, for instance U F 
is true, provided the assumptions listed in T hold.” An example of an inference rule is 
the ancient modus ponens rule: 

If r b F => G and T h F, then ThG 

Logicians have tried to relate the question of which statements are true in a logical frame¬ 
work, e.g. geometry, to the question of which statements are provable according to a given 
formal logical system, e.g. Euclid’s axioms. The truth of a statement in a mathemati¬ 
cal system concerns its meaning in an “intended interpretation,” e.g. an assertion about 
figures in two-dimensional Euclidean space; whereas its provability concerns whether its 
truth can be established by a certain system of formal proof procedures. The fact that the 
two may be different first became clear with the discovery of non-Riemannian geometries. 

In the last analysis, formal proof procedures work by symbol manipulation, and are 
often presented in the form of inference systems. 

Overview: Section 12.1 begins this chapter with some informal examples of the use of 
inference systems to define programming language semantics. 

1 A “possible effect” might be transforming an input to an output, but in general need not be deter¬ 
ministic, e.g. search processes or interactive communications are other possibilities. 
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Section 12.2 introduces a generalization of the concept of set: an n-ary predicate , 
which is much used in logic, and implicit in the informal examples. After this, Section 12.3 
establishes several properties cocerning recursive and recursively enumerable predicates, 
extending those of sets as in Chapter 5. 

Section 12.4 contains a general formalization of inference systems as used to define 
predicates over ID, and it is proven in Section 12.4.3 that every predicate definable by an 
inference system is a recursively enumerable subset of ID. 

This framework gives enough background to state and prove, in Section 12.5, a version 
of Godel’s Incompleteness Theorem : that no inference system can prove all and only the 
true statements of even a particularly simple formal language DL concerning values in 

B. 

12.1 Examples of operational semantics by inference 

systems 

Language semantics can be defined in (at least) two ways. One way is by Plot kin’s 
structural operational semantics [140] or Kahn’s similar natural semantics [91]; both are 
used by many researchers. By this approach, a language semantics is given by a collection 
of inference rules that define how commands are excuted, how expressions are evaluated, 
etc. 

In an operational semantics a language definition is a set of inference rules and axioms 
sufficient to execute programs. An inference rule consists of a set of premises which, if 
true, allow one to conclude or deduce a conclusion. An axiom is a special case of an 
inference rule — one with an empty set of premises. We give some examples now, and a 
more general framework later in Section 12.4. 

The I semantics defined in Section 2.2 is in essence (though not in apperance) an 
operational semantics. For example, the definition of C b a —> o' is easy to re-express 
using inference rules as in the next section (Exercise 12.2). According to such rules the 
meaning of a recursive construction such as a while loop or a recursively defined function 
is typically obtained by “syntactic unfolding”; an example will be seen below. 

Another way to define semantics is by denotational semantics , first developed by Scott 
[162]. (See Schmidt [158] for a gentle introduction.) By this approach, every syntactic 
construction in the language is assigned a meaning in some domain : a set plus a partial 
order on its elements, ordered according to their “information content.” For example, 
the set IN —> IN± is a domain, ordered by / C g iff for all x G TV, either f(x) = g(x) or 
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f(x) = _L (see Section 14.1 for a sketch of this approach). The meaning of a recursive 
construction such as a while loop or a recursively defined function is obtained by applying 
the “least fixed-point operator” to a certain higher-order function. 

12.1.1 Expression evaluation by inference rules 

We now investigate how expressions in a programming language can be evaluated, relating 
the syntactic world of expressions as written to their semantics , i.e. the mathematical 
values which they denote. 

Suppose e is an expression, such as x+y, which contains occurrences of the variables 
x and y. Then the value of e can be determined only under some value assumptions 
about the values of x and y. Such assumptions can be represented by a finite function 
a = [x » v, ...] which for instance maps x to its value, so a(x) = v. Function a is usually 
called a store in an imperative programming language, or an environment in a functional 
programming language. 

The assertion that “if x = 5 and y = 6, then x+y = 11” is written as follows: 

[a^ i—> 5, 1 —^ 6] b x + y 11 

More generally, the notation a b e => v is an example of what is called a judgment. 

This one means that “given store (or environment) cr, expression e can be evaluated to 
yield result v.” Here expression e is a syntactic object, value v is a semantic object, and 
store a connects syntactic objects (variable names) with semantic objects (their current 
values). 

Expression evaluation is often based on a set of inference rules , one for each form of 
expression in the language. For an expression which is a variable occurrence, we have 
the assertion: 

a b x => <t(x) 

This is an axiom: an inference rule that is true without prerequisite assumptions, assum¬ 
ing the value of variable x is defined by a. 

Now consider an expression succ e whose value is 1 more than the value of its 
subexpression e. If subexpression e evaluates to u, then the entire expression evaluates 
to v + l. This is expressed by the inference rule, where the part above the line is called 
the premise : 
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<j b succ e =^> plus(v , 1) 

For an expression el + e2, if the subexpressions respectively have values up u, then the 
entire expression has value u-\-v. This is expressed by a two-premise inference rule: 

o\~el^u a \~ e2 v 
<j b el + e2 => plus(u,v) 

This may look “content-free” but in fact is not, since it defines the meaning of the syn¬ 
tactic symbol “+” appearing to the left of the => in terms of the already well-understood 
mathematical operation of addition (the plus appearing to the right). 

For another example consider boolean-valued expression el = e2, which tests two 
values for equality. This is easily described by two rules, one for each case: 

a\~el^u a \~ e2 ^ u 
(j b el = e2 true 

ab el a \~ e2 ^ v u^v 

a b el = e2 => false 

The meaning of a conditional expression if e then el else e2 can also be given by 
two rules, the first applying when condition e2 is true and the other applying when it is 
false: 

a b e true a b e 1 v 

a b if e then el else e2 =y v 

(jbe4 false a b e2 => v 

a b if e then el else e2 => v 

Using these inference rules, the value of a complex expression can be inferred from the 
value assumptions held in the store a. For instance, when a = [m f—> 5,n f—> 3], then the 
inference 

a b m =^> 5 a b n => 3 a b m => 5 a b 1 => 1 
crbm + n=>8 crbm— 1 => 4 

a b (m + n) * (m — 1) =^>32 

shows that (m+n) * (m-1) has value 32, using unstated but obvious inference rules for 
evaluating constants, subtraction and multiplication. 
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12.1.2 Recursion by syntactic unfolding 

For another example, consider a programming construction for minimization “min x 
such that e = 0.” Its intended semantics is that e is to be evaluated repeatedly with 
x = 0,1,2,... This is repeated until e first evaluates to 0, and the value that x has at 
that time is returned. (The expression’s value will be undefined if e evaluates to nonzero 
values for all x.) 

The following inference rules define this new construction’s semantics. A new judg¬ 
ment is used, of form u[x u\ F mm e w. It signifies u w is the smallest value of x not 
less than u for which e evaluates to 0,” where a is an environment defining the current 
values of variables in e other than x. 

(j[x i—> 0] h min e^w 
a h min x such that e = 0 w 

a[x f—» u\ F e => 0 
cr[x i —> u] F ^ e^u 

(j[xh4 W ]he^r, v ^0, and cr[x u+ 1] F m2n e => w 

a[x^u] F m * n e^w 

The following illustrates computation of min x such that 1-x = 0: 

x i —> 1] h 1 =^- 1, [x^l]hx^l 

[x 0] F 1 => 1, [x f-> 0] h x => 0 ^ [x 1] h 1 - x =^> 0 

[x i —> 0] F 1 — x 1 ^ [x 1] \- rnin 1 - x => 1 

[x 0] F m * n 1 - x => 1 
[] F (min x such that 1 — x = 0) => 1 

Intuitive explanation: computation begins at the bottom of the tree with given environ¬ 
ment a and expression e, and the goal is to find v such that a F e => v. 

In this case a is an empty environment [], and the goal is to evaluate “min x such 
that 1-x = 0” with no defined variables, and an as yet unknown value w. The only 
inference rule applicable to yield the bottom tree node requires the node above, in effect 
initializing x to 0 and asking for the value of a F mm judgment. Both inference rules 

for F mm cause 1-x to be evaluated, yielding 1 in this case. This is nonzero so the only 

• • 

applicable F mm rule is the last one, which in effect asks for another F mm judgment, after 
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incrementing x from 0 to 1. Again, 1-x has to be evaluated, now yielding 0. Now only 

0 0 

the first b mm rule can be used, leading to the conclusion that [x i—> 1] b mm 1 — x => 1 and 
so that w = 1. 


12.2 Predicates 

The net effect of an inference system is to define a predicate, i.e. a relation among 
values (for example, between expressions and their values in a given store). This section 
introduces some terminology concerning predicates, and establishes some of their basic 
properties. 


The extensional view: predicates are sets 

In this book a predicate over a set S is just a subset of S. It is common in logic to express 
the fact that v G S as u S(v) is true,” or sometimes even just to assert the statement 

S{v). 

If S = Si x • • • x S n then P is called an n-ary predicate (0-ary or nullary, unary, binary, 
ternary, etc. for n = 0,1,2,3,...). Examples of predicates over IN: 


U 




1. binary: < is the set {(ra,n) G TV x TV 

2. binary: = is the set {(m,m) G TV x TV 

3. unary: the set of prime numbers. 


m is smaller than n}. 
rn G TV}. 


Operations on predicates 

Suppose P and Q are n-ary predicates over S. Then the following are also n-ary predi¬ 
cates: 


1. conjunction , or “and”: P AQ = PnQ. For 5 G S n , s is in PA Q iff s is in both P 
and Q. 

2. disjunction , or “or”: PW Q = PUQ. For s G S n , s is in PU Q iff s is in P or Q or 
both. 

3. implication , or “if-then” :P => Q = {s G S n \ if 5 is in P then s is also in Q}. 

4. negation , or “not”: ~^P = S n \P. For s G S n , s is in -i P iff s is not in P. 


Some examples: 
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1. If P is the set of prime numbers and 0 is the set of odd numbers, then PAO is 
the set of odd prime numbers. 

2. If 0 is the set of odd numbers and E is the set of even numbers then EW 0 = IN. 

Recall that, although functions are just certain sets, we allow shorthand notations like 
/(n,ra) = n + m. Similarly we allow short hand notations for predicates, like “P(x,y) is 
the predicate x = y +1” with the understanding that what we really mean is that P(x,y) 
is the set {(1,0), (2,1),...}. 

Suppose that P C Si x • • • x S n is an n-ary predicate. Then the following are (n — 1)- 
ary predicates: 

1. Universal quantifier , or “for all”: 

{ (yX\ ,. . . , , • • • , Xrpfj G S*! X l X x • • • X S 77 , 

for all Xi in Si, (a?i,.. .x n ) is in Si x • • • x 5 n } 

2. Existential quantifier , or “there exists”: 

3 X{P {(.X]_,..., 5 , x n ) G Si x 1 x x • • • x S n 

there is an xi in Si such that (xi,.. .x n ) is in Si x • • • x 

Examples: 

1. If P{x,y) is the predicate < over IN x IN then MyP{x,y) is the predicate over IN 
which only contains 0. (0 is smaller than all other numbers.) 

2. Further, MxP(x,y) is the predicate over IN which contains no elements at all. 
(There is no largest number). 

3. If P(x,y) is the predicate x = y + l over IN x O where O is the set of odd num¬ 
bers then 3xP(x,y) is the predicate over IN containing exactly the even positive 
numbers. 

n-ary predicates over D as subsets of D 

Since set ID is closed under pairing, we can represent an n-ary predicate P over ID as the 
set of list values: 


{(di... d n ) (di • (d 2 • • • • (d n .nil)...) | di,..., d n G P { 

Thus we may take over the terms “recursive” (decidable) and “r.e.” or “recursively enu¬ 
merable” (semidecidable) for predicates over ID, without change from those concerning 
sets. We will henceforth restrict our attention in some definitions and theorems to unary 
predicates over ID, but use the freer n-ary notation where convenient. 
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12.3 Predicates and program descriptions 

Theorem 12.3.1 If P and Q are recursive predicates then so are PVQ, PAQ, and -i P. 

Proof. By Theorem 5.5.1 ->P is decidable if P is decidable. Let p = read XI, . . . ,Xn; 
Cp; write Rp and q = read Yl, . . . ,Yn; Cq; write Rq be programs deciding P and 
Q, respectively. Without loss of generality they have no variables in common. The 
following program clearly decides P A Q: 

read Xp; 

Yl := XI;...; Yn := Xn; 

Cp; Cq; 

Result := Rp and Rq; 
write Result 

Further, P V Q = — 1 (—ijP A -hQ), so by Theorem 5.5.1 PVQ is decidable. □ 

Theorem 12.3.2 If P and Q are recursively enumerable predicates then so are P V Q, 

PAQ, and 3x. P(x,yi ,... ,y n )- 

Proof. By Theorem 5.7.2 there are programs p, q respectively, such that P(x i,... ,x n ) is 
true iff [[p]] terminates on input (nq,...,x n ) and similarly for Q and q. Then the program 
just given also semidecides P A Q. 

Unfortunately this simple approach does not work for PVQ, since if the program for 
P loops then the program above does too — even though the Q program might terminate, 
making P V Q true. One way to prove termination is to run p and q alternately, as was 
done in the proof of Theorem 5.5.1, part 4. 

For a more elegant solution, recall that a predicate is a set of tuples, so PV Q is the 
union of two sets. If either P = 0 or Q = 0, then PV Q is trivially recursively enumerable. 
If neither is empty, then P = rng(/) and Q = rng(g) where f,g : D —»ID are recursive 
total functions. Define function h by 

h(x) = if hd(x) = nil then f(tl(x)) else g(tl(x)) 

Clearly h is total recursive, and rng(A) = rng(/) Urng(g) as needed. 

Finally, assume P(x,yi,... ,y n ) is r.e. If P = 0 then 3x. P(x,yi,... ,y n ) = 0 and so 
is trivially recursively enumerable. Assume P = rng(/) for a recursive total function / 
(recall that ID contains tuples). Define g(d) = f(tl( d)), clearly total recursive. It is easy 
to see that 


(yi,---,y n ) e ^g(g) ^^x.P(x,y 1 ,...,y n ) 
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which completes the proof. (Reasoning: given y\ ,..., y n G B, if 3x . P(x, y 1 ,..., y n ) is true 
then /(d) = (x,t/i, • • • ,2/n) for some d,x G B. Thus g{ d) = (y u ..., y n ) so (yi ,...,y n ) £ 
rng(g); and conversely.) □ 

Theorem 12.3.3 There are recursively enumerable predicates P,Q such that neither 
the predicate -i Q nor Vx . P(x,?/i, ... ,y n ) is recursively enumerable. 

Proof. By Theorem 5.7.2, since Theorems 5.3.1 and 5.6.1 prove that HALT predicate is 
semidecidable but undecidable. For the second part, any nonempty r.e. set is of the form 
A = rng(/) where / is total and recursive. Thus for any d G D 

dGAiff=lxGB.d = /(x) 

Predicate d /(x) is decidable since / is total recursive, so 3x G B . d = /(x) is recursively 
enumerable. Finally, its negation is Vx. d /(x). This cannot be r.e., as this would imply 
that B \A is also r.e., with HALT as a special case. □ 


12.4 The predicates defined by an inference system 

We now simplify and generalize the examples of Section 12.1. The result is a framework 
able to express the previous examples, and most logical proof systems as well. An 
inference system Z is a collection of inference rules which, acting together, define a 
collection of provable judgments. The idea is to think of the set of values for which each 
judgment is true as a predicate over B. The system proves assertions of form P(d) where 
P is a predicate name and d G B. 

12.4.1 A formalization of inference systems 

Definition 12.4.1 An inference system Z consists of 

1. Two finite sets, one of predicate names P,Q,...,Z and another of inference rules 
Pi ? P2 5 • • • ? Pm • 

2. For each inference rule R ri a corresponding type: R r = Pi x .. . x P^ —> P where 
P, Pi ,..., Pk are predicate names. 

3. Each inference rule R r with type Pi x ... x Pj~ — > P is a decidable inference relation: 

R r C D fc xD. □ 
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Definition 12.4.2 An inference system 1 defines the set Thms 1 of all judgments (the¬ 
orems) provable from T. By definition: 

1. Suppose R r has type Pi x • • • x Pk —» P and Pi(di),. .. ,P*.(dfc) G Thms 1 . If 
((d 1? ... ,dfc),d) G R rj then P(d) G Thms 1 . 

2. No set Thms 1 contains any element of D unless it can be shown so by some finite 
number of applications of the preceding clause. 

The premises of this application of rule R r are Pi(di), ... ,Pfc(dfc), and P(d) is called its 
conclusion. A special case: if k = 0, the rule is called an axiom. The effect of an axiom 
is to place elements into set Thms 1 with no need for premises. □ 

12.4.2 Examples of inference systems 

Operational semantics. In previous sections we saw a definition of expression evalu¬ 
ation by two ternary (3-ary) predicates: a b expression^ value for normal evaluation, 
and an auxiliary predicate o b mm expression value used for the minimization oper¬ 
ator. 

Horn clause deduction. Section 26.3 will describe the deduction of boolean variables 
(also called propositional variables) from a set TL of Horn clauses of form A\ A A 2 A ... A 
Ak => Aq. This is an archetypical example of an infernce system. In this context all 
judgments have form b A where A is a propositional variable, and one inference rule for 
each Horn clause A\ A A 2 A ... A Ak => Ao G TL: 

b A\ b A 2 ... b Ak 

b Ao 

Propositional logic. This system is at a higher meta-level, not being restricted to 
one fixed set TL of propositional (boolean) formulas. It has only a single predicate of 
form b P where P is a boolean formula (Appendix Section A.l), possibly containing 
boolean-valued variables. The following axioms and inference rule are from [100]. They 
can be used to deduce b P for all and only those boolean formulas P which are true for 
every assignment of truth values to their propositional variables. 

It is thus an example of a complete and consistent logical system: one which can prove 
all and only the true statements in its domain of discourse (in this case, propositional 
logic). As we will see from Godel’s theorem, this is an unusual property: in most logical 
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systems of a certain strength any consistent system must necessarily be incomplete, that 
is there must be true statements which are not provable. 


\-P=>(Q=>P) b (R => S) => [(R => (S => T)) T)} 

b P => (Q =>• P A Q) h FAQ -P \~PAQ=>Q 

A R)=> [(Q => R)=> (PvQ R)} b P^PWQ b Q^PwQ 

(P => Q) => [(P =>-iQ) => ^P] b— P^P 

b P b P=>Q 

bQ 


Following is an example of its use is to prove that I => I for any propositional variable I 
(symbol b omitted for compactness): 


_ /=>(/=>/) [ 7 =>(/=^/)]=>{[/=>((/=>/)=>/)]=>(/^/)} 

/=>((/=>/)=>/) _ [/=>((/=>/)=>/)]=>(/=>/) _ 

/=>/ 

12.4.3 Recursive enumerability of sets defined by inference 

systems 

Theorem 12.4.3 If 1 is an inference system, then Thms 1 is a recursively enumerable 
set. 

Proof. Given T with predicate names P,Q,...,Z and rules • • • ,Rm, define the 

syntax of proof tree forms to be all elements of ID generated by the grammar with non¬ 
terminal symbols S and D, start symbol S, and productions: 


S : := (nil r D S A ’) for every k -premise rule i? r ,r = l,2,...,m 
D ::= nil | (D . D) 
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Define a proof tree t to be a proof tree form such that every subtree 
(nil r d (nil^ di . (nil^ dfc ...)) 
of t where R r C T) k x ID satisfies: 

((di,...,dfc),d) G R r 

Further, t is a proof tree for predicate P if t = (nil r . . .) is a proof tree, and R r has 
type Pi x ... x Pk —> P. It is immediate from Definition 12.4.2 that P(d) G Thms 1 if and 
only if there exists a proof tree for P. 

It is straightforward to show from Definition 12.4.2 that the property “t is a proof tree 
for predicate P r is decidable (Exercise 12.3). Let program checkP decide this property. 
Consider the program 

read T; 

if checkP T then X := hd tl T else X := false; 
write X 

If input is a proof tree T = (nil r d . . .) for P, then the program outputs d. Thus by 
Theorem 5.5.1 rng([[checkP]]) is recursively enumerable. Further, 

rng([[checkP]]) = {d | P(d) G Thms 1 } 

so Thms 1 is a finite union of recursively enumerable sets, and so recursively enumerable 
by Theorem 12.3.2. □ 


12.5 A version of Godel’s incompleteness theorem 

Godel’s original proof involved statements concerning arithmetic on the natural numbers. 
Its pathbreaking achievement was to reveal a fundamental limitation in the power of 
mathematical proof systems: that beyond a certain complexity level, there can be no 
hope to have a proof system which is simultaneously complete and consistent. 

As might be expected, we will instead manipulate values in ID. This gives a substan¬ 
tially simpler construction, both displaying the power of our framework, and stimulating 
thought about the powers of logical systems in practice, for instance for reasoning about 
program behavior. 
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12.5.1 The logical language DL for D 

We now introduce a tiny logical language in which one can make statements about values 
in D. Each such statement has an immediately natural reading or “truth value.” We will 
then prove that no inference system as defined above can generate all true statements in 

DL. 

As is traditional in logic, we first give the syntax of DL expressions. For the sake of 
preciseness, we will define exactly what it means for a DL statement to be true, leaving it 
to the reader to check that this captures his or her intuitions about statements involving 
values from D. 

An abstract syntax of DL This is given by a grammar defining terms , which stand 
for values in ID, and statements , which are assertions about relationships among terms. 

Terms: T : := nil | (T.T) | xq \ x\ I ... 

Statements: S : := T=T++T | -i S I S A S I 3xi S 

The symbol ++ stands for the “append” operation on list values. Logical operators 
V, =>•,V, etc. can be defined from — A, □ above as usual, and equality T = T' can be 
regarded as syntactic sugar for T = T / ++ nil. Statements are intuitively interpreted in 
the natural way, for example the relation “x is a sublist of y ” could be represented by 
the following statement S (x,y): 

3u3v3w(y = w3~3~v A w = u++x) 

We now proceed to define “true statement” more formally and precisely. 

First, a free occurrence of a variable x in statement S is any occurrence which does not 
lie within any substatement 3x T of S. The set Freevars( S) of free variables in statement 
S is the set of all x which have at least one free occurrence in S. Finally, S is said to be 
closed if FreeVars( S) = {}. We will sometimes write S(x,y, ... ,z) instead of S alone, to 
indicate that its free variables are x,y,...,z. 

The operation of substitution is done by a function Subst(F,x, d) where d E D which 
yields the result of replacing by d every free occurrence of variable x within S(x). This 
may also be applied to several variables, written Subst{F , (aq,... ,x n ), (d 1 ... d n )). 

Definition 12.5.1 Let size(S) be the number of occurrences of operations ++, — A, □ in 
S. The set % of true closed statements of size i or less is given inductively by 
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1 . Ti — {(d 1 . . . dm ©1 • • • ©n) — (^i • • • dm)H • • • ®n) 

m,n > 0 and each d i,ej G ID} 

2. For i > 1: 

7^ + i — % U { -i S | S is closed and S ^ %} 

U { F1AF2 | FI and F2 gTJ 
U { EhS | Subst(S,x,d) G % for some d G ID} 

The set of trwe closed statements of DL is by definition T = 7} U 7*2 U • • • □ 

A concrete syntax of DL This is simply a representation of DL-terms and statements 
as values within D. Choose some pairwise distinct values nil , ++, 3 A, 3, all in D, 
which are pairwise distinct from each other, and from nil 2 for i = 0 , 1 , 2 ,... 

The concrete syntax is defined by 

Terms : CT ::= nil | ( A CT CT ) | nil 0 | nil 1 | ... 

Statements : CS ::= (±+ CT CT CT) | (- CS) | (A CS CS) | (3nil 2 CS) 

Finally, the set To is by definition the set of concrete syntactic encodings, as just de¬ 
scribed, of statements in T. 


12.5.2 Representation of predicates in DL 

Definition 12.5.2 A predicate P C D n is representable in DL if there is a statement 
S(^i,... ,x n ) such that 

P } (d^ ... d n ) | Subst( S, {x \,..., x n ), (d^ ... d n ) ) G T} 

Lemma 12.5.3 If set A CD is representable in DL, then so is A = 1D\ A. 

Proof. Suppose statement S(x) represents A as above. Then 
A = {d | Subst( S,x,d) ^ T} = (d | Subst(^ S,x,d) G T} 

□ 

Theorem 12.5.4 For any I-program p, the set dom([[p]) is representable in DL 
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Proof. Recall the semantics of Section 2.2. We only consider the sublanguage I of WHILE, 
so the store a used there can be replaced by the current value d of the single variable X. 

We will show that for each I expression E and command C, there exist DL-statements 
F E (d,d') and G c (d,d') that represent the binary predicates £[[E]]d = d' and Chd^d'. This 
suffices since if p is read X; C; write X, then dom([[p]]) is represented by statement 

3d'G c (d,d'). 

Expressions. This is by an easy induction on syntax: 

F n ii (d,d!) = d! — nil 

F x (d,d') = d' = d 

F(ei.e2 ){d,d!) = 3r3sF E1 (d,r)AF E2 (d,s)Ad' = (r.s) 


Commands. This is also by induction on syntax. We give the definition and then 
explain. 


Gx:=e (d,d r ) =F E (d,d / ) 

Gci ; c2 (d,d f ) = 3d // (G C i(d, d") AG C 2 (d",d f )) 

GwhiieEdoc (d,d f ) = (F E (d,mZ) A d = d') V 

3trace3fst3lst (trace = ( d.lst ) A trace = fst+ + (d'.nil) AF E (d\nil) A 

V/iViAAA/£ ( trace = h+ + (u.(v.t)) 

G c (u,v) A3e3f(F E (u,(e.f))))) 



Assignment is straightforward, and sequencing C1;C2 b d —>• d' is represented naturally 
by an intermediate state d". 

Representation of command while E do C is a bit trickier, since its execution may 
take an unbounded number of steps. The idea is to represent while E do C b d —» d' by 
a computation trace. This will be a sequence (di . . .d n ) where d = di, d' = d n , and 
C b d^ —> d^+i for i = 1,2,... ,n — 1. 

The construction above uses this idea. The two parts concerning fst and 1st ensure 
that the trace properly begins with d = di and ends with d! — d n . The remaining part 
(beginning F E (d',m/)) checks to see that E evaluates to false at the loop’s end (d' = 
d n ), and that while E do C b d^ —>• d^ + i holds for every pair d^,d^ + i in the trace. 
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12.5.3 Proof of a version of Godel’s incompleteness theorem 

We now show that the set T of true DL statements is not recursively enumerable. On the 
other hand, the set of all statements deducible in any inference is recursively enumerable 
by Theorem 12.4.3. As a consequence, any inference system that only deduces true DL 
statements cannot deduce all of them, i.e. there must be at least one statement which is 
true but not provable. 

Stated another way: any inference system whatever must either be inconsistent: it 
deduces some statements that are not true, i.e. in T; or it must be incomplete, i.e. it 
cannot deduce all true statements. 

Theorem 12.5.5 (Godel’s incompleteness theorem.) To is not recursively enumerable. 
Proof. Consider the set 

HALT = {(p.d) | p G WHILE— programs, d G WHILE—data, and Jp]](d)|} 

Now HALT = dom([[uJ|) where u is the universal program (self-interpreter) for I pro¬ 
grams, and so by Theorem 12.5.4 is representable in DL. By Corollary 5.6.2, its com¬ 
plement HALT = D\ HALT is not recursively enumerable. By Lemma 12.5.3, HALT is 
representable by some statement F(x), so 

HALT = {(p.d) | Subst(F,x, (p.d)) G T} 

Suppose 7o were recursively enumerable. By Theorem 5.7.2 there must exist a program 
q such that To = dom([qJ|). Then for any I-program p and input d, we have 

(p.d) G HALT iff [[q](5id>st(F,£, (p.d))) [ 

But this would imply that HALT is recursively enumerable, which is false. □ 

Corollary 12.5.6 For any inference system 1 and predicate name P: 

If {d | -P(d) G Thms 1 } C Tjj then {d | P(d) G Thms 1 } Q. Tjj 

In effect this says that if any inference system proves only true DL statements, then it 
cannot prove all of them. In other words there is and always will be a difference between 
truth and provability by inference systems (at least for DL). This captures one essential 
aspect of Godel’s incompleteness theorem. In comparison with the original proof, and 
others seen in the literature, this one uses surprisingly little technical machinery (though 
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it admittedly builds on the nontrivial difference between decidable and recursively enu¬ 
merable problems). 

Differences: first, this presentation does not involve Peano arithmetic at all, as Godel’s 
original work did. Our use of ID instead gave simplified constructions, but it could well 
be argued that the result is different since it concerns a different logical system (although 
one which seems no more complex than Peano arithmetic). We believe that some form 
of equivalence between Peano arithmetic and DL should not be difficult to establish. 

Second, Godel’s theorem is often presented as “any logical system of a certain minimal 
complexity must be either incomplete or inconsistent.” We have avoided the problem of 
dealing with “logical system” as studied in mathematical logic by substituting a proper 
generalization: “inference system.” The assumption above that {d | P(d) G Thms 1 } C 
7J) says in effect that X is consistent, and the proper inclusion we conclude expresses 
incompleteness. On the other hand, the formulation above says nothing about minimal 
complexity of X, just that “the full truth” of DL statements cannot be ascertained by 
means of axioms and rules of logical deduction. 

Third, Godel’s theorem begins with a logical system containing Peano arithmetic, 
and works by diagonalization to construct a witness: an example of a statement S which 
is true, but which cannot be provable. Godel’s original witness is (intuitively) true since 
it in effect asserts “there is no proof in this system of S” — so if the system were able to 
prove S, it would be inconsistent! 

Our version indeed uses diagonalization, but on I programs instead, and to prove 
that the problem HALT is not recursively enumerable. 


Exercises 

12.1 Express the first example of Section 12.1.1 as an inference system X in the style of 
Definition 12.4.1. □ 


12.2 Construct an inference system which defines the semantics of WHILE programs. 
Hint: rewrite the definitions of £ and C b a —> a'. □ 


12.3 Prove that the property “t is a proof tree for predicate P” is decidable. It suffices 
to sketch an algorithm. □ 
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the static and dynamic semantics of the programming language ML [129]. 




13 Computability Theory Based on 
Numbers 


The partial recursive functions have been studied extensively, using a framework very 
similar to our own but with function arguments, results, and program descriptions drawn 
from the natural numbers IN = {0,1,2,...}. This deeply studied field is known as recursive 
function or computability theory, and has been developed by Kleene, Rogers, Church, 
Turing, and others [100, 155, 23, 170] since the 1930s. 


A wide variety of formalizations proposed in the 1930s as candidates to define the 
class of all computable partial functions on natural numbers have all turned out to be 
equivalent. The candidates included the Turing machine; the lambda calculus (Church); 
primitive recursive function definitions plus minimization (Godel, Kleene); systems of 
recursion equations (Godel); and systems of string or term rewrite rules (Post, Markov). 


This confluence of ideas [51] led to the famous Church-Turing-Kleene thesis : that a 
partial function / : IN —> IN± is effectively computable if and only if it is computable by 
some Turing machine (and hence within any of the other formalisms). 


Two cornerstones of recursive function theory are the existence of a universal func¬ 
tion, and of a program specialization function (the latter under the name of the s-m-n 
property ), both partial recursive. Both concepts are very natural in Computer Science, 
as we have seen. 


Godel numbers versus programs as data objects Our approach differs from the 
classical one in that programs are data values in our framework, and so need not be 
encoded in the form of natural numbers. For the sake of perspective we briefly outline 
the beginning assumptions of classical recursive function theory; being entirely based on 
natural numbers, it is necessary to encode programs and nonnumeric data structures 
(e.g. n-tuples) as natural numbers. 

A straightforward analogy can be made between IN and D, the set of Lisp data 
structures. In our framework programs are elements of ID, so the need to enumerate 
programs by assigning each one a numerical index by an often complex Godel numbering 
scheme is completely circumvented. 
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13.1 The class of partial recursive functions 

An important early formalization of the concept of computability was the class of par¬ 
tial recursive functions or pi-recursive functions, defined and systematically investigated 
largely by Kleene, but already implicit in Gddel's earlier pathbreaking work [54, 98, 100]. 
This is a purely mathematical characterization, with few computational aspects: The 
partial recursive functions are defined to be the smallest class of functions containing 
certain initial functions and closed under several operations on functions. For the sake 
of completeness and links with other work in computability theory, we prove this class 
equivalent to functions computable by counter machines 

The lambda notation used in this chapter is defined in Appendix A.3.8. An abbrevi¬ 
ation: we write x n to stand for the tuple aq,... ,x n or (aq,... ,x n ). 

13.2 The //--recursive functions 

This class is defined in stages, beginning with a simpler class of functions, all of which 
are total. 

13.2.1 Primitive recursive functions 

Definition 13.2.1 A function g is obtained from / by explicit transformation if there 
are e ±,... ,e n , each either a constant in TV or a variable aq, such that for all x m G TV 

9 (X i,. . . , X m ) ,/ (T1 ? • • • 5 ^ n ) 

Definition 13.2.2 If / : IN k -> TV_l,& : TV n -> IN ± for i = 1,..., k then h : IN k -> TV ± 
is defined from /, <q,... , (q by composition iff for all x n G TV 



if each gi(x n ) ^ T 
if some gi(x n ) = T 


Definition 13.2.3 Function h : TV n+1 —» IN± is defined from / : TV n —>• IN±,g : TV n+2 
TVj_ by primitive recursion iff for all x n ,t G TV 

Mo,* n ) = /(^ n ) 

h(t + l,x n ) = g(t,h(t,x n ),x n ) if/i(t,T n )^T 
T(t + l,x n ) = T otherwise 
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Definition 13.2.4 Function / is primitive recursive if it is obtainable from base func¬ 
tions Xx . 0 and Xx . x +1 by some finite number of applications of explicit transformation, 
composition, and primitive recursion. 

An easy induction shows that every primitive recursive function is total. The operations 
of primitive recursion and explicit transformation may, however, be applied both to total 
and to partial functions. 

13.2.2 Primitive recursiveness and CM-computability 

Recall Definition 8.6.1. 

Theorem 13.2.5 

1. The functions: Ax.O and Ax.x + 1 are CM-computable. 

2. If / is CM-computable, then so is any function g obtained from f by explicit trans¬ 
formation. 

3. If /, # 1 ,..., (fa are CM-computable functions, then so is their composition. 

4. If /, g are CM-computable functions and function h is defined from them by primitive 
recursion, then h is also CM-computable . 


Therefore any primitive recursive function is CM-computable. □ 

Proof. Part 1: Function Ax.O is computable by the program whose only command is XO 
:= 0, and Xx.x + 1 is computable by the command XO := XI + 1. 

Part 2: given program q that computes /, prefix its command part by straightforward 
code to transform store [1 i—» x\ ,..., n i—» x n \ into store [1 e \,..., m i—» e m ]. 

Part 3: easy. Given programs to compute f,gi, ... ,g&, concatenate the code to com¬ 
pute and store g\{x n ) in XI, code to compute and store g 2 (x n ) in X2, ..., with the code 
to compute and store gk(% n ) in Xk, followed by the code to compute f(x k ). Some variable 
renaming and copying may be needed so internal variables of the g and / programs do 
not conflict with each other or XI, ..., Xk. 

Part 4 is left as Exercise 13.1. 


□ 
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13.2.3 Definition of /^-recursiveness 

In the following expression gy(f(y) = 0) operator /i, pronounced “minimum,” specifies a 
search to find a value of argument value y such that f(y) = 0, making zero the value of 
a given function /. 

Definition 13.2.6 Function h : IN n —> IN± is defined from g : IN n+1 IN by mini¬ 
mization iff for all x n G IN 

h{x n ) = t if t G IN is the smallest number such that g(t,x n ) =0 
h(x n ) = J_ otherwise 

Notation: we write function h in short form as: gt(g(t,x n ) = 0), or even gt.g. 

Definition 13.2.7 Function / is g-recursive if it is obtainable from base functions Xx .0 
and Xx . x + 1 by some finite number of applications of explicit transformation, composi¬ 
tion, primitive recursion, and minimization applied to total functions. 

A g- recursive function need not be total. Note that Definition 13.2.7 applies minimization 
only to total functions g. By Rice’s Theorem (Section 5.4), this property is undecidable 
from a program defining g, so Definition 13.2.7 does not naturally define a programming 
language (see also Exercises 13.2, 13.4). 

13.3 Equivalence of ^-recursiveness and 

CM-computability 

Lemma 13.3.1 If g : IN n+1 — > IN is a CM-computable and total function, then 
gt(g(t,x n ) = 0) is a CM-computable function. 

Proof. Given program p to compute g(£,x n ), the following program will compute 
gt(g(t,x n ) = 0): 

read XI, ..., Xn; 

T := 0; 

R := p T XI ... Xn; (* Apply p to 0,1,2... until it yields 0 *) 
while R do 

{ T := T + 1; R := p T XI ... Xn }; 
write T (* Write T when (if) that first happens *) 

□ 
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Corollary 13.3.2 Every //-recursive function / : JN n —> IN± is CM-computable. 

Theorem 13.3.3 A function / : IN n JN± is fi -recursive iff it is CM-computable. 

Proof. “Only if” is Corollary 13.3.2. We give only a sketch for “if,” as this is techni¬ 
cally rather complex, and beside the main point of this book: that using a structured 
data set such as ID significantly simplifies many constructions in both computability and 
complexity theory. In outline, the “if” part is proven as follows. 

The starting point is a CM-program p that computes /. Let p = Ii... I m , and suppose 
it has variables XO,... ,Xk where n < k. We assume input is via variables XI,... ,Xn, and 
output is the final value of XO. 

1. A CM-state s = (£,cr) where a = [0 > uo, 1 ;> vq ,..., k > Vk\ is represented by the 

number 

s = 2 e -3 v °-5 V1 ■ ■ ■ ■ ■ p v k k +2 

where pi is the i-th prime number (for any i > 0). 

2. Prove the function init{x n ) = 2 1 • 3° • 5 Xl •... to be primitive recursive. 

3. For £ = l,...,ra prove the following one-instruction store transformation function 
to be primitive recursive: 

ins^is) = s' iff l£ : s —■* s' 

4. Prove the following state transition function to be primitive recursive: 

s) if s = 2 £ • 3 V ° •... and f<m 
if f > m 

5. Prove the t-step state transition function stp(t,s) = nxt t (s) (that is, stp composed 
with itself t times) to be primitive recursive. 

6. Clearly the function g(x) = \it (s£p(£,s) = 0) is //-recursive. 

7. Finally, it is immediate that 

f(x) = y where stp(g(x) — 1, s) = 2 e -3 y -p v k \ 2 

This is //-recursive, since it is a composition of primitive recursive functions with 
the primitive recursive stp. 



Details of this sort of construction may be found in [34, 37 . 


□ 
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13.4 Kleene’s Normal Form theorem for the WHILE 

language 


A parallel development to that of Section 13.2 may be carried out using data set D and 
for the WHILE language, using a standard enumeration do, di,... of ID, for example as in 
Lemma 5.7.1. We omit the details as they are exact analogues of the above for the CM 
language. 

Definition 13.4.1 Let / : D n+1 IN be a WHILE-computable total function. The par¬ 
tial function /it(/(£,x n ) = true) : ID" —> T)± is defined by 


/ it(f(t,x n ) = true) = 


d^ if i is the least index such that f(t,x n ) = true 
J_ otherwise 


Lemma 13.4.2 If f : D n+1 —» IN is WHILE-computable and total, then = 

true) is a WHILE-computable partial function. 

Proof. Given program p to compute /, and start, next, New as in Lemma 5.7.1, the 
following program will compute fit(f(t,x n ) = true): 

read XI, Xn; start; 

R := p New XI ... Xn; 
while not R do 

{ next; R := p New XI ... Xn }; 
write Y 

□ 

The following is interesting because it shows that all recursive functions can be repre¬ 
sented in a uniform way. Intuitively, it says that selection of a function / to compute 
amounts to selecting the constant p below. Further, performing the computation on 
input d amounts to searching for the unique c that makes function T(p,d, c) the value 
true; and reading out the result is done by applying a very simple function U. 

This is essentially Kleene’s Normal Form theorem as in [100], but the result is some¬ 
what stronger due to our use of structured data. 

Theorem 13.4.3 There is a total function U : ID —> ID and a total WHILE-computable 
function T(p,d, c) such that 

1. For all p,d G ID there is at most one c G D such that T(p,d, c) = true. 

2. A partial function / : D —> ]Dj_ is recursive if and only if there is a p G ID such that 
for all d G ID 
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/(d) = U (/xc(T(p, d, c) = true) 

Further, U is WHILE-computable in constant time and T is WHILE-computable in linear 
time. 

Proof. Supposing T,{7 are recursive, the “if” of part 2 follows from WHILE-versions of 
Theorems 13.2.5 and 13.3.3. 

For “only if,” we must find T, U as described. Suppose / = JpJ for some program p 
(assuming only one argument x = x\ for notational simplicity.) Without loss of generality 
p has only one variable X (by Section 3.7.1). 

Recall the universal program ulvar seen earlier for one-variable WHILE-programs. 
Build from it a program which we call q, and define T(p,d,c) = [[q]](p.d.c). The idea 
is that q will simulate [[pj(d)’s computation just as ulvar does, but meanwhile it will 
check that argument c is a correct “trace” of its computation. 

More concretely, consider the universal program ulvar terminates within r iterations. 
Let Val* be the values of ulvar variables Val, Stk, Cd just before the ith iteration of 
ulvar’s while loop, and define ulvar’s reversed trace on input d to be c = (Val r . . . Vali 
Val 0 ). 


Now, 

program q: 



read 

PDC; 

(* Input is (program.data.c) 

*) 

Cd 

:= cons (hd PDC) nil; 

(* Control stack = (program.nil) 

*) 

Val 

:= hd (tl PDC); 

(* The value of X 

*) 

Stk 

:= nil; 

(* Computation stack empty 

*) 

Flag 

:= true; 

(* Trace is OK so far 

*) 

Trace 

:= reverse (tl (tl PDC)); 

(* Computation trace 

*) 

while 

Trace 7^ nil do 



{ if 

hd Trace 7^ Val then Flag : 

= false; (* Trace mismatch 

*) 


Trace := tl Trace; 

STEP }; 

if Cd 7 ^ nil then Flag := false; 
write Flag 


To begin with, program q terminates since the while loop decreases Trace, so T is a 
WHILE-recursive function. 

Program q on input (p.d.c) first stores c’s reverse (Valo Vali . . .Val r ) into vari¬ 
able Trace. It then simulates p a step at a time, checking along the way to see that 
Trace agrees with the values ulvar assigns to X. If p terminates on input d then 
ulvar terminates on (p.d), so q’s while loop will terminate with Cd = nil on input 
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(p . d. (Val r . . . Vali Valo)). Thus [[qj(p.d. c) = true and 
(/ic(T(p,d, c) = true) = (Val r ... Vali Valg) 

Further, if [[p]](d) = J_ then T(p,d, c) = false for all c. Clearly [[p]](d) ^ _L if and only if 
T(p,d, c) = true where c is p’s trace on input d. 

Finally, the theorem follows if we set U(c) = hd(c ), to return the final value that p 
assigns to its variable X. Clearly this is computable in constant time; and the time to 
compute T is proportional to the length of the computation trace c. □ 


Exercises 

13.1 Prove that the class of CM-computable functions is closed under primitive recursion. 

□ 

13.2 Explain why the construction used to prove Theorem 13.3.3 or Lemma 13.4.2 does 

not necessarily show that partial function py . / is recursive when / is a partial computable 
function. □ 

13.3 Extend p to functions on ID in the natural way using the enumeration do, di, ... of 

Lemma 5.7.1. Then prove that fit . f(t,p,d) = nil may be uncomputable when / is a 
partial WHILE-computable function. Hint: let /(t,p,d) = true if t = true, or if both 
t / true and [[p](d)|, else undefined. □ 

13.4 * Use the previous exercise to prove that pt . /(£, x) = 0 may be uncomputable when 

/ is a partial CM-computable function. □ 

13.5 (Hilbert’s choice function.)* Define g « ey . f(x,y) to hold if for all x, whenever 
there exists some y such that f(x,y ) = 0, then /(x,g(x)) = 0. In other words, g{x) 
produces some witness to the truth of 3y.f(x,y) = 0, but not necessarily the least one as 
was the case for py(f(x,y) = 0). 

Prove that if / is partial computable, there exists a partial computable partial function 
g with g ~ ey . P(x,y). Hint: use dovetailing as in Theorem 5.5.1. □ 


References 

Classic books on recursive function are the ones by Kleene, Davis, and Rogers [100, 33, 
155]. More recent ones include a newer one by Davis et.al. [37] and one by Sommerhalder 
and van Westrhenen [164], which has a scope similar to that of this book. 




14 More Abstract Approaches to 
Computability 


One could object to the previous treatment of recursion on the grounds that it explains 
recursive language constructions by means of recursion, for example in Section 2.2 or 
Figure 9.1 (or Section 12.1.2). One nonrecursive way to deal with recursion has already 
been given by example: “syntactic unfolding” in Section 12.1.2. 

This chapter begins with two additional, and different, nonrecursive ways to deal with 
recursion. The first is by means of fixpoints of functionals, in which a recursive definition 
is viewed as defining a mapping from certain partial functions to others. The second is 
by means of “reflexive programs”: the “Second Recursion theorem” due to Kleene. 

Relations: it can be proven that syntactic unfolding gives the same semantics as least 
fixpoints of functionals; and that its effect can be achieved by reflexive programs. Proofs 
may be found in [114, 155], but are beyond the scope of this book. 

The final parts of the chapter concern model-independent approaches to computabil¬ 
ity. Since the robustness results of Chapter 8 suggest that all computation models are 
equivalent, this is a popular modern starting point. Indeed, one result appearing at the 
chapter end is Rogers' Isomorphism theorem: Given any two programming languages L 
and M (with data IN) there exists a computable isomorphism (a one-to-one onto mapping) 
from L-programs to M-programs that does not change the computed functions. 

14.1 Recursion by semantics: fixpoints of functionals 

In this section we describe one approach to defining the meaning of recursively defined 
functions, by so-called “fixpoint semantics.” 

First an example: consider the recursive definition 

f(ri) = (if n = 0 then 1 else n* f(n — 1)) (14.1) 

This is intended to define a function / : TV — > IN ±. A Pascal program corresponding to 
the definition is: 

function f(n:integer):integer; 
begin 

if n = 0 then f := 1 else f := n * f(n - 1) 
end 
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The question naturally arises: what mathematical function / : IN —> IN ± is defined by a 
recursive equation such as (14.1)? 

This question amounts to “how does one interpret a recursive definition?” This is a 
decidedly nontrivial question since recursive functions are defined in terms of themselves, 
and problems of self-reference are notorious for creating philosophical problems. 

An answer: the function defined by a recursive equation such as (14.1) is often taken 
to be the least fixpoint of the functional T defined by the equation. We now define and 
clarify these terms. 

Uniqueness of functions defined by recursive equations 

The factorial function is the only function satisfying (14.1). It can happen, however, that 
an equation has more than one solution. For example, consider equation 

g(n) = (if n = 0 then 0 else if n = 1 then g( 1) else g(n— 2) + 2) (14.2) 

where f : IN —> IN±. It is satisfied by g(n) = n. On the other hand, it is also satisfied 
by many other functions, for instance g(n) = if n even then n else n-\- 100. The reason: 
there is no constraint on the value of g( 1 ). 

Which among the range of all possible functions that satisfy a recursive equation 
should we select as its “meaning,” i.e. the unique function defined by that recursive 
definition? It is desirable that 

• the “meaning” always exists; 

• it is unambiguous; and 

• it is a computable function (though perhaps partial), provided the operations in 
the equation are themselves computable. 

First, we define the meaning of the statement: “Function g : IN — » IN ± satisfies equation 
(14.2).” 

Definition 14.1.1 Function g satisfies (14.2) provided 1 g — g r , where g' is defined by 
g'(n) = (if n = 0 then 0 else if n = 1 then g( 1) else g(n — 2) + 2) (14.3) 

1 Recall that g — g' if and only if for all n £ IN, either g(n) and g'(n) are both undefined (_L), 
both in IN and equal. 


or are 
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Note that this definition is nonrecursive, since g' is defined in terms of g and not in terms 
of itself. Equation (14.3) defines a transformation from g to g'. Function transformers 
are often called functionals , and one may write for example g' = J~(g) where T is the 
functional defined by (14.3). In this case T has type (27V — ■> IN —> (27V —^ ZZV_l ), and is 
defined by 


F(g) = d', where 

g'(n) = (if n = 0 then 0 else if n = 1 then g( 1) else g(n — 2) + 2) 
For an example, T transforms function gs(n) = n 2 into 


^(93) = 9 ^ where 

g' 3 (n) = (if n = 0 then 0 else if n = 1 then l 2 else (n — 2) 2 + 2) 

Satisfying equation (14.2) thus amounts to asserting g = fF{g). Such a function is called 
a fixpoint of T. Our goal is therefore to select as standard interpretation a unique 
computable function g satisfying g = fF{g). 

dcf 

Some examples (where we write = for “equal by the definition of g r ): 

1. Claim: g\ satisfies (14.2) where gi(n) = f n. We show this by considering cases 

dcf 

n = 0, n = 1, and n > 1. First, .gi(0) = 0 = (if 0 = 0 then 0 else ...). Now suppose 
n=l. Then 



0 then 0 else if 1 


1 then #i(l) else...) 



trivially. Finally, suppose n > 1. Then 


2 + 2 = ^(n-2) + 2 


9i(n) = n = n- 
(if 71 = 0 then 0 else if 71 = 1 then gi (1) else gi (71 — 2) + 2) 


(14.2) is also satisfied by g 2 (™) 


def 


(if 71 even then n else JL). Arguing again by 


cases, equation (14.2) is trivially true for n < 1. If 71 > 1 is even then 


2 + 2 = <72(71 —2) + 2 


g 2 (n) = f 71 = 71 - 
(if 71 = 0 then 0 else if 71 = 1 then g 2 { 1) else g 2 (n — 2) + 2) 


and if 71 > 1 is odd then 


_L + 2 = g 2 (71 — 2) + 2 


92 (n) d = f l = 

(if 71 = 0 then 0 else if 71 = 1 then g 2 ( 1) else g 2 (n — 2) + 2) 
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3 . (14.2) is not satisfied by <73(72) = f 72 2 since 4 = < 73 ( 2 ) 7^ 2 = g' 3 ( 2). 

Fixpoints of functionals. Among all possible fixpoints, there will always be one which 
is least defined — the one such that g ~ d-'(g) but g(n) = _L for as many values of n as 
possible. This is naturally called the least fixpoint of T. 

At last our standard interpretation: the effect of recursive equation / = JT(/) is to 
define / to be the least fixpoint of T. 

Example. The least fixpoint of equation ( 14 . 1 ) is its only fixpoint: f(n) = n\ The least 
fixpoint of the equation for g is the function: 

<7(72) = if n is odd then _L else n 

The natural Pascal programs corresponding to the recursion equations for / and g have 
just these solutions. So a traditional Pascal implementation is correct inasmuch as it 
computes the least fixpoint of these equations. How can the least fixpoint be computed? 
We begin with an analogy from numerical analysis. 

Fixpoints of first order equations. Consider an equation of the form x = h{x) where 
x varies over the real numbers, for example 

x = 0.5 — x 2 

where h(x) = 0.5 — x 2 . Such an equation can often be solved by fixpoint iteration: a 
solution is the limit (if it exists) of the sequence xo,h(xo),h(h(xo)),..., where xq is an 
initial approximation to x. If x$ = 0, we obtain 

xq = 0, X\ = h{x 0 ) = .5 — Xq, x 2 = h{x 1 ) = .5 — x 2 , ... 

Evaluating, we obtain 

xo = 0,xi = .5 ,x 2 = .25, X 3 — .4375,X 3 = .3086,... 

which has as limit the solution x = 0.366... = (— 1 + \/3) / 2. 

Simple conditions on h guarantee convergence, i.e. that the limit of the sequence 
xo,h(xo),h(h(xo)),. .. exists. This method of fixpoint iteration is widely used in numerical 
analysis, for instance to solve matrix equations. 
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Computing the least fixpoint of a functional 

Similarly, the least fixpoint may be obtained as the limit of an infinite series of functions 
/o,/i,/ 2 ,... = /o,H/o),W/o)),... where 

/o(n) = _L for all n = 0,1,2,... 

Using this scheme we can verify that the least fixpoint of the equation 
/(n) = (if n = 0 then 1 else n * f(n — 1)) 

is f(n) = n\ Its computation is seen in the table below. The scheme is constructed a row 
at a time, with /q as given above. The line for /*+1 is constructed from the previous line 

by 


fi+i(n) = T{fi) = (if ra = 0 then 1 else n*fi(n- 1)) 


• 


n = 0 

n = 1 

n — 2 

n = 3 

n = 4 

n = 5,... 

0 

/o 


_L 

_L 

_L 

_L 

1 ^ • • • 

1 

fl 

1 

_L 

_L 

_L 


l ^ a a • 

2 

h 

1 

1 


T 

_L 

_ l_. ^ a a a 

3 

h 

1 

1 

2 

_L 

_L 

l ^ a a a 

4 

h 

1 

1 

2 

6 

_L 

l ^ a a a 


oo 

/ 

1 

1 

2 

6 

24 

120,... 


Remarks. 

1. Function /o is an initial (and very poor) approximation to the least fixpoint of fF, 

and are successively better approximations. 

2. The individual functions fi will most likely not be fixpoints (and the ones in the 
table are not). But the limit of /o,/i,/ 2 ? --- will always exist, and will always be 
JF’s least fixpoint. 

3. More precisely fi □ /$+1 for all i, where / □ g iff for all x G TV either /(x) = _L or 
f(x) = g(x) G TV. The limit is the smallest function (with respect to partial order 
□) / such that fi C / for all i. 
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4. This scheme works in principle and as a definition, but for practical implementation 
a more efficient way to compute the same values would be used. For instance one 
would only compute those values of f(x) that are needed for the final answer. 

Theoretical Basis. Putting this informal discussion on solid foundations requires some 
mathematical “machinery,” for example as presented in [114, 158]. There it is shown 
that the least fixpoint always exists and that the sequence /o, fi , /2 , • • • above always 
converges toward it, provided functional T is “continuous” (in a sense different from 
that of analysis). Fortunately, any recursive function definition one can write using 
variables, constants, tests, function calls and continuous base functions (such as +, *, 
and “if-then-else”) defines a continuous functional. 

Mutual recursion. It is easy to generalize this approach to assign meaning to a col¬ 
lection of functions defined by mutual recursion, by computing the least fixpoint of a 
functional on a cartesian product of sets of partial functions. (In Scott’s domain theory 
this is extended to a variety of other “domain constructors,” see [158].) For an example, 

f(n) = (if n = 0 then true else g(n — 1)) 
g(ri) = (if n = 0 then false else f(n — 1)) 

defines functions f,g : IN —» IB such that f(n) = true for even n and false for odd n, and 
g(n) = false for even n and true for odd n. 

14.2 Recursion by syntax: Kleene’s and Rogers’ 

recursion theorems 

14.2.1 The theorems and some applications 

Kleene’s second recursion theorem [100] in essence guarantees the computability of func¬ 
tions defined by self-referential or “reflexive” algorithms. Given this ability, it is possible 
to simulate recursion as a special case, without having it as a built-in language con¬ 
struct. The theorem thus gives an alternate way to assign meaning to recursive language 
constructs. The recursion theorem has many applications in recursive function theory, 
machine-independent computational complexity, and learning theory [14, 19]. It is valid 
for any programming language computing all partial recursive functions, such that the 
s-m-n Theorem holds and a universal program exists. Such a language is called an 
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“acceptable enumeration” (Rogers [155]) of the partial recursive functions, and will be 
discussed later in this chapter. 

We will first prove the recursion theorem to hold for an extension of the I language. 
The proof is straighforward, and yields much more efficient programs than those given 
by traditional constructions [100, 155]. In Section 14.3 it will be shown to hold for all 
acceptable enumerations, thus all reasonable programming languages. 

First, some motivating discussion. 

The theorem and applications 

Kleene’s version of the recursion theorem may be stated as follows, for a language L not 
yet specified. Proofs will given later, at which time we will also discuss the efficiency of 
the programs whose existence is proven. 

Theorem 14.2.1 (Kleene’s second recursion theorem.) For any L-program p, there is 
an L-program q satisfying, for all inputs d G L -data, 

M(d) = M(q- d ) 

Typically p’s first input is a program, which p may apply to various arguments, transform, 
time, or otherwise process as it sees fit. The theorem in effect says that p may regard q 
as its own text , thus allowing self-referential programs. 

Rogers has an alternative version of this theorem, which gives another viewpoint 
that is more convenient for some applications. It in essence says that every computable 
total program transformation has a “syntactic fixpoint”: a program p whose meaning is 
unchanged by the transformation. 

Theorem 14.2.2 (Rogers’ recursion theorem.) For any total computable function / : 
L -data —» L -data, there is a program q such that for all inputs G L -data, 

M - [/(q)l 

A first application is to prove the existence of a program q which yields its own text 
as output, regardless of its input — a favorite (and nontrivial) beginning programming 
exercise. 

Example 1: A self-reproducing program, using Kleene’s theorem. Let program p satisfy 
[[p]](r.d) = r for all r, d. Letting q be the program given by Theorem 14.2.1, we have 


[q](d) = W(q.d) = q 
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Example 2: A self-reproducing program, using Rogers , version. Let the obviously 
computable function / be defined (informally) by 

/(p) = the program "read X; Y := p; write Y" 

Clearly [q] ~ [[/(q)J implies [[qj(d) = [/(q)](d) = q as desired. 

Example 3: Elimination of recursion, using Kleene’s version. Let L = I. Consider the 
total computable function [[p]]: ID —» ID defined by 

[[p]] (q- x) = [if x = 0 then 1 else x * [[q]] (tl x)] 

where x is assumed to be a numeral nil n , as in Section 2.1.6. The call to q can be pro¬ 
grammed as the call [[i]]((q. (tl x))), where i is the universal program for I-programs. 
By Theorem 14.2.1, there is a “fixed-point 55 program e with the property 

[[e]] (x) = [[p]](e.x) = [if x = 0 then 1 else x • [i] ((e. (x-1)))] = 

[if x = 0 then 1 else x • [[ejj(x-l)] 

Thus e, which was found without explicit use of recursion, is the factorial function. More 
generally, Kleene’s theorem implies that any acceptable programming system is “closed 
under recursion.” 

Other examples, including the Blum Speedup Theorem involve computing time and 
appear in Chapter 20. 

14.2.2 Proof for a reflexive extension of I 

Our first proofs of the Recursion theorems are indirect, applying only to a “reflexive” 
programming language extending I. 

Let C be an extension of language I, with syntax as in Figure 14.1. This is an 
abstract syntax; a concrete one is obtained as in Section 4.2 by encoding * and univ as 
trees built from nil. 

Informal semantics: the value of expression * is the text of the program currently 
being executed. The value of expression univ(E, F) is the value of [[e]|(f), where e is 
the value of E and f is the value of F. In words: evaluation of E is expected to result in 
a program text. This program is then run with the value of F as input, and the result of 
this run is the value of univ(E, F). Somewhat more formally: 

Definition 14.2.3 The 1^ language has C -programs C D and C -programs the result of 
encoding the programs generated by the grammar of Figure 14.1 uniquely as elements of 
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Expressions 

3 

E, F ::: 

= X 








nil 

sL, 

cons E F 

hd E 

tl E 




* 

univ 

(El, E2) 



Commands 

3 

C, D ::: 

= X : = 

E 

C ; D 

while 

E do C 

Programs 

3 

P :: 

= read 

X; 

C; write X 



Figure lf.l: Abstract syntax of the 1^ language. 

ID. Its semantic function is defined by: 

[pl T (v) = [i^Up.v) 

where if is the self-interpreter for I from Section 4.2, modified so that the STEP macro 
is replaced by the extension in Figure 14.2. 

Note that if is an I program; hence any id program can be efficiently compiled into I. 

How interpreter id works: the program being interpreted is always available in i- 
variable P during interpretation. Its value is the value computed for *, as seen in the 
first new part of the case statement. For the rest, recall the expression evaluation and 
command execution invariants of Section 4.1.1. 

Expression univ(El, E2) is handled by first saving the current value VI of variable 
X, and then evaluating El and E2. This is done by the case part that pushes El, E2, and 
douniv onto the control stack Cd. Once their values VI, V2 are obtained (in reverse order 
on the computation stack St), the case for which douniv starts Cd applies. This replaces 
VI by V2, and pushes VI onto Cd. By the command execution invariant of Section 4.1.1 
this will effect execution of program VI on input V2. Once this is completed, the result 
of the program run is stored into variable VI. The case for which clean starts Cd re¬ 
establishes the expression invariant by: pushing VI onto St; resetting VI to its former 
value (saved on Cd); and continuing with the rest of the program. 

Remark : running interpreter id on an I program will be slower than running the 
same I program directly. However the cost is only the overhead of one extra interpre¬ 
tation layer — not prohibitive, even for programs using * and univ. The point is that 
invoking univ does not cause a new layer of interpretation, but just continues to use the 
current interpreter’s facilities by simulating a recursive call using the stacks. Thus the 
multiplication of interpretive overhead mentioned in Section 6.2 is avoided. 
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case Cd, St of 



• • • 

(Old E) .Cd) , 

St 

=> Cd:= cons* E dohd Cd; 

(dohd.Cd), 

(T.St) 

==> St:= cons (hd T) St; 

((*).Cd), 

St 

St:= cons P St; 

((univ El E2).Cd),St 

Cd:= cons* El E2 douniv Cd; 

(douniv.Cd), 

(V2.(VI.St)) 

Cd:= cons* VI clean VI Cd; Vl:= V2; 

(clean.Old.Cd), 

St 

=> St:= cons VI St; VI:= Old; 

• • • 

((; Cl C2).Cd), 

• # • 

St 

Cd:= cons* Cl C2 Cd; 


Figure 14-2: Reflexive extension of the STEP Macro. 


We now program the two examples above directly in I 


Example 1: a self-reproducing program. Let q be the following program, in abstract 
syntax form: 

read X; 

X := *; 
write X 

Running this program on any input will yield q as output. 


Example 2: recursive computation in a nonrecursive imperative language. The facto¬ 
rial function is computed by the following 1^ program: 

read x; 
if x = 0 

then Answer := 1 

else { Temp := x - 1; Answer := x • univ(*, Temp) }; 
write Answer 


Theorem 14.2.4 Kleene’s and Rogers’ recursion theorems hold for L 



Proof. Kleene’s theorem: For an arbitrary 1^ program p = read X; C; write Y, let q 
be the following 1^ program: 
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read D; 

X := cons * D; 
C; 

write Y 


For any d G B, q first assigns (q.d) to X, and then writes [[pj^(q.d) = [[q] T (d). 


Rogers' theorem: Given 1 1 program p with / = [[p]] , let q be the 1 1 program: 


read D; 

Tem := p *; 

Y := univ(Tem, D); 
write Y 


For any d G B, UqjT(d) = [rjT(d) where r = fpf (q) = /( q). Thus [qj 


H/(q)I 



14.3 A model-independent approach to 

computability 

Turing machine computability is often expressed mathematically by beginning with a 
standard enumeration po, pi, p 2 ,. • • of all Turing machines. Letting p* be the zth Turing 
machine in the list, for each i > 0 one may define ipt : IN IN± to be the partial function 
that pi computes. 

A similarity with this book's framework is immediate, if we identify the zth Turing 
machine with its numerical index i (i is often called the Godel number of the Turing 
machine “program”). Then the enumeration defines a programming language with data 
domain IN and semantic function J-J™ : JN —»(TV —> IN±) where pj™d = ipi( d). This is 
extended to multi-argument functions by defining the partial n-ary function tp™ : IN 71 —» 
TV_l to be 

n ) = ipi(<X 1 ,...X n >) 

where is a total computable one-to-one “tupling function” that assigns a unique 

natural number to each n-tuple of natural numbers. The superscript of (p 77 is dropped 
when the number of arguments is clear from context. 

An example 2-tupling or pairing function is <x,y> = 2 X - 3 y already seen in Figure 
8.4. Actually, pairing is enough since tuples can be formed by repeated pairing: define 
<X 1: X 2 , • • • ,x n > to be <Xi,<X 2 , - • ■ , < Xn-l,X n > - ■ 
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More recent recursive function theory, e.g. as formulated by Rogers [155], begins even 
more abstractly: instead of an enumeration po, pi, P 2 ,- •• of programs, one simply as¬ 
sumes that for each i > 0 there is given a partial function Lpi : IN —> IN±. The starting 
point is thus an enumeration <poi(pi,(p 2 , ... of one-argument partial recursive functions 
that are required to satisfy certain natural conditions. The definition given below cap¬ 
tures properties sufficient for a development of computability theory which is entirely 
independent of any particular model of computation. 

The underlying theme is to avoid explicit construction of programs wherever possible, 
so there is no formal definition of program at all; a program is merely an index in this 
standard enumeration. Informal algorithm sketches, with liberal appeals to the Church- 
Turing thesis, are used to establish computability. 

The approach emphasizes extensional properties expressed in terms of numbers and 
mathematical functions, rather than intensional properties of programs, for example their 
appearance, time efficiency, or storage consumption. 

Our goals are somewhat different, though, partly because we start from Computer 
Science, in which the exact nature of programs and their intensional properties is of 
major concern. We are more interested in efficient problem solving by programs than 
in exploring the outer regions of uncomputability. Nonetheless the interplay between 
these two viewpoints is fascinating and well worth study, since the extensional viewpoint 
focuses on what the problems are that are to be solved (computing functions, deciding 
membership in sets, etc.), whereas the intensional viewpoint focuses on how they are to be 
solved, by concrete programs running with measurable time and storage usage. Another 
way to describe this is as a distinction between problem specification and problem solution 
by means of programs. 

14.3.1 Acceptable enumerations of recursive functions 

In the following definitions, an n- argument function / : IN n —» IN± is consid¬ 
ered effectively computable iff for some total effectively computable tupling function 
<xi,X 2 , •.. ,x n > there is a one-argument effectively computable g : IN —> IN j_ such that 
for any x \,..., x n G IN 

f(xi,...,x n ) = g(<x 1 ,x 2 ,...,x n >) 

For conciseness we will also write x.y instead of <x,y>. Henceforth we will write a 
value ranging over IN in teletype font, e.g. p, when it clearly denotes an index used as a 
program, otherwise in mathematical style, e.g. p. 
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Definition 14.3.1 A sequence ipoiVuVZi--- of partial recursive functions is defined to 
be an acceptable enumeration [155] if it satisfies the following conditions: 

1. Turing completeness : for any effectively computable partial function / : IN —> IN j_ 
there exists an index p G IN such that (p p = f. 

2. Universal function property : the universal function univ : TV x TV —> IN± is com¬ 
putable, where univ( p,x) = y? p (x) for any p,x G TV. 

3. s-m-n function property : for any natural numbers m,n there exists a computable 
total function s™ : TV m+1 —> TV such that for any index p G IN and any inputs 
(xi,...,a; m ,2/i,...,2/ n ) G TV m+n 


Tp (.Ti, . . . , Xm 5 Vl 5 • • • 5 2/n) 




These properties correspond to quite familiar programming concepts. Completeness says 
that the language is “Turing powerful 5 ' and so by the Church-Turing thesis at least as 
strong as any other computing formalism. 

By the completeness property, there must be an index up G TV such that [[up](p.x) = 
univ{ p,x) for any p,x G IN. By universal function property, program up is a universal 
program such that <^ up (p,x) = univ( p,x) = ^ p (x) for all x G TV for any index p G TV. But 
this can be re-expressed as [[up]](p.x) = [[p](x), so U P is a self-interpreter as in Definition 
3.4.1. 

Finally, the s-m-n function property asserts the possibility of program specialization, 
also known as partial evaluation. To see this, let m = n = 1. Since s\ is computable, by 
property 1 there must be a program spec that computes it, so s\ = [[spec]]. The last 
equation above becomes, after omitting some sub- and superscripts: 


^p(x,y) = ^ spec ( P ,x)(y) 

which can be re-expressed as [[pj(x.y) = [[[[spec]] (p.x)]](y) , the same as Definition 3.6.1. 
Further, an m + n-argument function may be specialized to its first m arguments by a 
series of one-argument specializations, using the pairing function. 

Clearly any of the languages we have studied so far can be used to define an acceptable 
function enumeration, by appropriately numbering its programs. 


Theorem 14.3.2 Language I defines an acceptable enumeration. 


Proof. Let do,di,... enumerate D as in Lemma 5.7.1, and define (fi : TV —» TVj_ by 
<Pi(n) = m if [[dJ I (nil n ) = nil 771 , else T 
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Functions taking i to and back are clearly computable by the Church-Turing thesis. 

□ 

A simple result using this approach is that symbolic function composition is possible in 
any language defining an accepable enumeration. This generalizes the result of Theorem 
13.2.5, that symbolic function composition can be done for CM programs. 

Theorem 14.3.3 Given any acceptable enumeration (/?, there is a total recursive func- 

• 2 • • 
tion compose : IN —> IN such that for any indices p, q and x G IN 


P compose^ p.q) (t) — V^p( ( Pq(^')) 


Proof. By the Church-Turing thesis, the function ipi{ipj(x )) is computable; our task is 
to find an index for it by a uniform method. First, define f by 


/(P,q,z) =¥>p(^q(x)) = univ(p, univ(q,x)) 

(equality holds by universality). By the Church-Turing thesis, this 3-argument function 
is computable, and so by Turing completeness has some index r. The needed function 
is then compose = (/^compose where compose = s^(r,p,q). Alternatively this can be done 
using only one-argument specialization, by: compose = s}(s;[(r,p),q). □ 


Remarks 

Even though very natural from a computing viewpoint, these conditions are not guaran¬ 
teed to be satisfied for any arbitrary sequence ty?i, • • • of partial recursive functions. 
For example, suppose the indices i correspond to positions in a listing of all finite au¬ 
tomata, and (fi{x ) is the result of applying finite automaton number i to input x expressed 
as a bit string. This fails Turing completeness since it is well known that finite automata 
cannot compute all computable functions. Similarly, there exist enumerations possessing 
a partial recursive universal function but not a partial recursive s-m-n function, or vice 
versa, or neither [113], [155]. 

14.3.2 Kleene’s and Rogers’ theorems revisited 

Theorem 14.3.4 Kleene’s recursion theorem holds for all acceptable enumerations (p: 
For any program p G TV there is a program e G TV such that ip e {x) = (/? p (e,x). We call 
such an e a Kleene fixed-point for p. 
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Proof. By the s-m-n property there is an effectively computable function spec : IN —> IN 
such that p v (ipx) = p spe c(p.y)( x ) holds for any program p G IN. It is evidently possible 
to construct a program q G IN such that for any x,y: 

V<i{y,x) = <P f (spec(y,y),x) 

Let e be the program spec{ q,q). Then we have 

(fi v {e,x) = ip p (spec( q,q),x) = ^ q (q,x) = ^ spec ( q , q) (x) = (f e {x) 

□ 

Remark : This proof was devised by Kleene as a realization in his framework of “reduction 
by the Y combinator^ from the lambda calculus. Close examination reveals a similarity, 
except for the use of the universal and s-m-n functions which is needed here. 

Theorem 14.3.5 (The second recursion theorem, Rogers' version (1967)) For any com¬ 
putable function, /, taking programs as input (a program transformation) there is a 
fixed-point program, that is an n G IN such that 

<Pn(x) = <Pf(n)(x) 

whenever /(n) is defined. For a program p with cp p = /, this n is called a Rogers fixed-point 
for p. 

Informally, this says that any computable program transformer has a “syntactic fixpoint,” 
i.e. a program n whose meaning is unchanged by the transformation. Possibly relevant 
applications include cryptography. 

The direct proof of Rogers' version of the recursion theorem is a bit more involved 
than that of Kleene’s, see [155]. Due to the following propositions, the two apparently 
different theorems are of equal power in the sense that given the ability to find Kleene 
fixed-points Rogers fixed-points can be found as well and vice versa. 

Lemma 14.3.6 Rogers implies Kleene: Theorem 14.3.5 and the s-m-n property implies 
Theorem 14.3.4. 

Lemma 14.3.7 Kleene implies Rogers: Theorem 14.3.4 together with the universal func¬ 
tion property implies Theorem 14.3.5. 

Proof. Lemma 14.3.6: Given p, let /(n) = spec{ p,n) (we use the s-m-n theorem). Then 
by Theorem 14.3.5 we have, as required for all x: 


fn(x) = <fif( n )(x) = Vspec( p,n) 0) = ^p( n ^) 
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Lemma 14.3.7: Let / be any computable program transformation. By the Church-Turing 
thesis applied to to the universal function and / there exists a program gp such that 
(Pg P (q.x) = V 9 /( q )( x ) when q G IN and /(q) is defined. By Theorem 14.3.4 the program 
gp has a fixed-point, that is, there is an e with (p e {x) = ip gp (e,x) = Thus e is a 

Rogers fixed-point program for the transformation f. □ 

In the proofs of Theorem 14.3.4 and Proposition 14.3.7 fixed-points are obtained in a 
uniform manner. The second recursion theorem can therefore be generalized a bit: 

Proposition 14.3.8 There exist total computable functions, kfix,rfix : IN — » IN , such 
that for any program p G TV, kfix(p),rfix(p) are Kleene, respectively Rogers, fixed-points 
for p. 

14.3.3 Relation to the fixpoint theorems for P 

A strength of the results just proven, in relation to that of Theorem 14.2.4, is that they 
hold for any programming language defining an acceptable enumeration. In particular 
they hold for I as well as for 1^, and even for Turing machines. 

A weakness, however, is that all nontrivial uses of either fixpoint theorem seem to 
require the universal program. If the constructions seen above for Theorems 14.3.4 
and 14.3.5 are carried out in practice, the resulting programs e or n turn out to be 
unacceptably inefficient. For example, [62] reports several experiments to compute the 
factorial n! Every program built, by either the Kleene or the Rogers method, had running 
time greater than exponential in n. The reason is that carrying out the constructions 
above literally leads to the use of n interpretation levels, each consisting of one universal 
program interpreting the next, in order to compute n\ 

The “reflective” construction of Theorem 14.2.4, however, only takes approximately 
time linear in n to compute n!, since only one interpretation level is ever involved. More 
details on experiments and efficiency of fixpoint algorithms may be found in [78, 62]. 


14.4 Rogers’ isomorphism theorem 

Rogers’ remarkable theorem is that there exists a compiling bijection between any two 
programming languages L, M defining acceptable enumerations of the partial recursive 
functions on TV: compiling functions which are total, computable, meaning-preserving, 
one-to-one, and onto. The proof involves several steps: 
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1. An easy proof that there exists a meaning-preserving computable total function 
from L-programs into M-programs (and thus vice versa). Step 2 strengthens this by 
adding “one-to-one,” step 4 shows the compiler can be strictly increasing, and step 
5 finishes the proof. 

2. A specializer is constructed which is one-to-one in its second argument. Conse¬ 
quence: the compiler of step 1 may be can be made one-to-one. 

3. A “padding lemma” is proven: every program can be transformed into an equivalent 
one which is as large as desired. 

4. Consequences of step 3 are proven: 

(a) There is a strictly monotonic compiler g : L -programs —> M -programs, meaning 
g(p) < #(p + 1) for any L-program p. 

(b) There is a strictly monotonic compiler h : M -programs —» L -programs. 

5. g and h are merged to yield the desired one-to-one compiler, using a method drawn 
from a proof of the Cantor-Bernstein 2 theorem. 


Notational conventions. To reduce notational overhead we henceforth assume that 
L, M and the anonymous ip are acceptable enumerations of the partial recursive functions, 
so natural numbers serve as both programs and data for each language, each is Tur¬ 
ing complete, and each has its own universal function and one-argument specialization 
functions. For L, call these functions respectively univ L and spec L: and the L-programs 
to compute them: univ L and spec L ; if we wish to emphasize the programming language 
viewpoint we may write [[p]] L (d.) instead of univ L (p,d). Language M is treated analogously; 
and enumeration ip has functions univ or [[_](_), spec, and programs: univ and spec. 

Even though all the program and data sets equal IN we sometimes write, for example, 
“L-program p” to help the reader keep clear which language is being discussed. 

Proposition 14.4.1 There is a total computable function r : L -programs — > M -programs 
such that [[p]] L = Jr(p)]] M for any p G L -programs. 

Proof. Function univ L is partial recursive, so by Turing completeness there is an M- 
program ulm with Julm]] M = univ L . Consider function r(p) = spec M (ulm.p). This is 
certainly total and computable. Further, it is an L-to-M compiler since 

2 This theorem states that if there exist two one-to-one functions / : A —► B,g : B —► A, then there 
exists an isomorphism (a one-to-one and onto function) between A and B. 
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Up]] L (d) = univ L ( p.d) = Julm]] M (p.d) = [[spec M (ulm.p)]] M (d) 



Solving equations with programs as unknowns by the recursion theorems 

Both form of the recursion theorem amount to computable equation solving , in which 
the “unknowns” are programs. For the Kleene version: given a program p, we wish to 
find a q such that for all data d the equation [[pj(q.d) = [[qj](d) holds. For the Rogers 
version: given a computable function /, we wish to find a q such that equation [[q]] = 
J/(q)J holds (equality of two input-output functions). 

This idea underlies the following construction. 

Theorem 14.4.2 Let h be a total recursive function, and spec an s-1-1 function. There 
is an i such that [[/i(x)]] = \spec(i,x)\ for all x, and such that spec(i,x) is one-to-one as 
a function of x. 

Proof. Call i a “1-1 specialization index” if spec(i,x) is one-to-one as a function of x. We 
formulate an equation with free variable i such that any solution i is a 1-1 specialization 
index, and satisfies [/z(rr)]] = \spec(i,x)\ for all x. The equation: 

0 if spec(i,j) = spec(i,k) for some k < j 

1 if spec(i,j) ~f~ spec(i,k) for all k < j and 

spec{iC) = spec(i,k) for some k with j < k <y 
[[h ( j ) ]] ( y) otherwise 

This is recursively defined, since program i is used on both sides. Still, the right side 
is clearly a computable function of i, (Church-Turing!), so there is a program r such 
that [r]](i, j,z/) equals the right side’s value. Define f(i) = spec{r,i ). Then certainly pj 
= [[/(z)]] is another way to express the equation. 

By Rogers’ version of the recursion theorem (since / is clearly total computable), [[ij 
= [[/(z)]] has a solution i. We now show that i is a 1-1 specialization index and J/i(ir)]] 
= \spec(i,x)\ for all x. First, suppose for the sake of contradiction that i is not a 1-1 
specialization index. Consider the smallest k such that specify j') = spec(i,k) for some 
j' > /c, and let j be the smallest such j' for this k. Then for any y we have 

lspec(i,j)}(y) = p]( j,y) = 0 
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and for all y > j we have 

lspec{i,k)]](y) = p]( k,y) = 1 

This contradicts spec(i,j) = spec(i,k). Consequently i must be a 1-1 specialization index 
so spec(i,x) is one-to-one as a function of x. But this implies that the first two cases of 
the equation (yielding 0 and 1) can never apply, and so that \spec(i, x)\(y) = [[z]](x,z/) = 
lh(x)]](y) for all y, as required. □ 

Computational remarks on this theorem: the first two parts of the equation serve only 
to detect possible violations of the one-to-one property of spec(z,x), but every solution i 
must be one-to-one (in argument x), as just argued. It seems somehow paradoxical that 
the first two cases above can never apply for any j,z/; but the cases must be present, else 
the recursion theorem would not yield a program i with the desired property. 

It would be interesting to investigate the relative efficiency of the two programs h(x) 
and spec(i,x). Without the first two parts of the equation, one could compute [[z]] (j,y) = 
univ(h(j),y ), not too expensive. It appears, though, that the extra overhead imposed 
by the search over k values could be substantial. 

Proposition 14.4.3 There is a one-to-one total computable r : L -programs —> M- 
programs such that Jp]] L = Jr(p)]] M for any p G L -programs. 

Proof. Let h be a total recursive compilation function as given by Proposition 14.4.1. 
Given this h, let z be the index from Theorem 14.4.2. Then r(p) = spec(z,p) is a one-to- 
one compiling function as required, since [[/z(p)] = Jspec(z,p)]]. □ 

Program padding 

It is intuitively clear that one can, by adding useless instructions, transform any pro¬ 
gram into another which is arbitrarily larger but equivalent. This is the essence of the 
following. Remark: the condition “arbitrarily larger but equivalent” is neatly and ab¬ 
stractly expressed by the fact that function tt is one-to-one and for all d we have [[p] CM 
= [[7r(p,d)]] CM (reflect a bit on this). 

Lemma 14.4.4 The Padding Lemma. For any language L defining an acceptable enu¬ 
meration there is a one-to-one total computable function tt : IN x TV —>• TV such that [[p]] L 
= [[7r(p,d)]] L for every p, d G TV. 
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Proof. Consider the pairing function pr(x,y) = <x,y> from Section 14.3, and let pr\ 
be its (computable) left inverse, so x = pr\{<x,y>) for any x,yG IN. Choosing h = pr i 
in Theorem 14.4.2 (and omitting superscripts), we obtain a program index i such that 
[[pri(z)]] = \spec(i,z)\ for all z. By definition of spec this implies for any p, d that 

M = Im(< P> d >)] = lspec(i, < p, d >)] 

By Theorem 14.4.2 the function 7r(p,d) = spec(i,< p,d >) is total computable, and one- 
to-one in < p,d >. □ 


Using padding, we can now strengthen Proposition 14.4.3 to make the compiling functions 
strictly monotonic. 

Proposition 14.4.5 There is a total computable g : L-programs —> M -programs such that 
M L = M?)T f° r P C L -programs, and 0 < g( p) < g(p + 1) for all p. 

Proof. Let r be the one-to-one function from Proposition 14.4.3, and 7r a padding function 
as just constructed. Define g as follows: 

5(0) = 7r(r(0), min{y | 7r(r(0),y) > 0}) 

s(P + 1 ) = ^(p+i), min{y | 7r(r(p +l),y) > ff(p)}) 

Function g simply takes a program compiled from L into M by r, and “pads” it sufficiently 
to exceed all of its own values on smaller arguments. It is clearly computable. □ 

Finally, the crux of our development: 

Theorem 14.4.6 There is a one-to-one, onto, total computable function / : L -programs 
—» M -programs such that Jp]] L = [[/(p)J M for p G L -programs. 

Proof. Let g : L -programs M -programs and h : M -programs L -programs be compiling 
functions from Proposition 14.4.5 such that [[pJ L = [[g(p)]] M ? [[qJ M = [Mq)J L , an( l 0 < 
#(p) < g( p + 1) and 0 < h( q) < h( q+ 1) for all p, q. 

Both functions are one-to-one and p < g{ p) and q < h{ q); these will be key properties 
in the following construction. The one-to-one property ensures that g~ 1 and h~ 1 are par¬ 
tial functions; the monotonicity of both implies that their inverses are also computable. 

Define functions zig : L -programs —> {true,false}, zag : M -programs —» {true, 
false}, and / as follows: 
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zig( p) = if 3 q . h{ q) = p then zag{ q) else true 
zag( q) = if 3 p . g(p) = q then zig( p) else false 
/(p) = if -2*5(p) then <?(p) else /i _1 (p) 

If zig' s argument (which is always an L-program) is not in the range of h, then true 
is returned. If it is in the range of /i, zig traces its argument backward one step, and 
applies zag. Symmetrically, zag returns false if its M-program argument is not in the 
range of g , else it traces backward with the aid of zig. 

Figure 14.3 shows how they work. Given L-program p, the chain of its immediate 
ancestors by g,h is traced backwards until a program is found which is outside the range 
of h if the chain starts in L, or outside the range of g if the chain starts in M. (Being outside 
is marked by a crossbar over an arrow in the diagram.) In the first case /(p) = g(p) and 
in the second, /(p) = h~ 1 ( p). 



Figure 11^.3: Isomorphism by the Cantor-Bernstein construction. 
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Note that zig-zag are both total since g,h decrease. Further, /(p) is always uniquely 
defined. This is evident if zig( p) = true, as /( p) = g( p). The other case is zig{ p) = false, 
which can (by inspection of zig's definition) only occur if p is in the range of fi, in which 
case /(p) is the unique value of fi _1 (p). 

We must now show that / is a total computable isomorphism. From the remarks 
above it should be clear that / is total and recursive. 

Onto. Let q G M-programs. Value zag{ q) is either true or false. If true then q = g( p) 
for some q G L-programs for which zig{ p) = true. This implies /(p) = q. If zag( q) is 
false then zig(h(q)) = zag( q) = false, which implies implies /(/i(q)) = h~ l (h( q)) = q. 
Thus all M programs are in the range of /. 

One-to-one. Suppose /(p) = /(p'). As / is defined, there are two possibilities for each 
(the “then” or the “else” branch above), giving four combinations. First: if /(p) = g(p) 
and /(p') = g(p') then g(p) = g{y> r ) which implies p = p' since g is one-to-one. Second: if 
= h~ 1 ( q) and /(p') = fi _1 (q / ) then /i _1 (q) = h~ 1 ( q') which implies q= q' since h is 
a single-valued function. 

Third possiblity: /(p) = g{ p) and /(p') = h~ 1 ( p'), which by definition of / can only 
happen if zig{ p) = true and zig{ p') = false. But this is impossible since p' = fi(/(p / )) = 
h(f( p)) = h(g( p)), which implies zig(p) = zig(p'). The fourth possibility is the same, just 
with the roles of p and p' reversed. □ 

Exercises 

14.1 Construct a self-reproducing WHILE-program directly, so [[pH (d.) = p for all d. □ 

References 

Manna’s book [114] has a lucid and elementary treatment of the fixpoint treatment of 
recursion, a subject treated from a more abstract viewpoint in denotational semantics 
[162, 158]. The recursion theorem is originally due to Kleene [100], and Rogers gave an 
alternate form involving program transformation in [155]. The isomorphism theorem is 
from [154]; our proof is adapted from [113]. 
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Overview of Complexity Theory 


15.1 Where have we been? 

Parts I, II and III of this book concerned understanding the nature of computability, and 
delineating the boundary between problems that are effectively solvable (computable) 
and those that are not. The problems studied involved computing partial functions and 
deciding memberships in sets 1 . 

Following Turing’s analysis of computation in general, we chose at first the WHILE 
language as computing formalism, and proved several fundamental results using it in 
Chapter 5. In particular Kleene’s s-m-n theorem established the possibility of program 
specialization, the halting problem was shown undecidable, and Rice’s theorem estab¬ 
lished the undecidability of all nontrivial extensional program properties. A universal 
WHILE-program, able to simulate any WHILE-program at all, was constructed. 

The boundary between those sets whose membership problems are decidable, semide- 
cidable, and undecidable was explored, as were the relations among semidecidability of 
set membership, effective enumerability, and the computability of possibly partial func¬ 
tions. 

After that rather abstract chapter, relations to daily computing concepts were dis¬ 
cussed informally in Chapter 6: compilers, interpreters, partial evaluation, compiler boot¬ 
strapping, and related computational time aspects. Time was, however, only treated in 
a quite informal way. 

The remainder of Part II very significantly broadened the scope, relevance, and ap¬ 
plicability of the previous formal results, by showing that they hold not only for the 
WHILE language, but also for several other computing formalisms: both flow chart and 
functional analogues of the WHILE language; Turing machines; counter machines; random 
access machines; and classically defined “recursive functions.” This was done by showing 
all these formalisms to be mutually simulable, or by compilations. In particular, Chapter 
8 on “robustness” introduced models CM, 2CM, RAM, SRAM, TM and proved their equiva¬ 
lences (see Figure 8.1 for an overview.) The main result was: computability, without 
regard to resource bounds, is equivalent for all of: F, WHILE, GOTO, CM, 2CM, RAM, and TM. 
A corollary: the halting problem is undecidable for any language L in this list. 

Finally, some relatively natural and simple problems (at least in appearance!) were 

1 A11 over countably infinite value domains. 
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shown to be impossible to solve by any effective computational process. These included 
Post’s Correspondence Problem and Context-free Ambiguity. 

Part III concerned several more advanced aspects of computability, including Rogers’ 
Isomorphism Theorem and Godel’s Incompleteness Theorem. 

15.2 Where are we now going? 

Parts I through III concerned only what was computable, and paid no attention at all 
(aside from the informal Chapter 6) to how much time or space was required to carry 
out a computation. In the real computing world, however, computational resource usage 
is of primary importance, as it can determine whether or not a problem is solvable at all 
in practice. 

In the remainder of the book we thus investigate computability in a world of limited 
resources such as running time or memory space. We will develop a hierarchy of robust 
subclasses within the class of all decidable sets. In some cases we will prove proper con¬ 
tainments: that a sufficient resource increase will properly increase the class of problems 
that can be solved. In other cases, questions concerning proper containments are still 
unsolved, and have been for many years. 

Finally, and in lieue of definitive answers, we will characterize certain problems as 
complete for the class of all problems solvable within given resource bounds. A com¬ 
plete problem is both solvable within the given bounds and, in a precise technical sense, 
“hardest” among all problems so solvable. Many familiar problems will be seen to be 
complete for various of these complexity classes. 

15.2.1 How complexity differs from computability 

Characteristics of complexity theory include the following. First, complexity theory is 
intensional: it concerns properties of programs and their computations, as well as what is 
computed. (This is in contrast to “extensional” as in Definition 5.4.1.) Asa consequence, 
it is vital that we have “fair” resource measures with respect to actual implementations. 
As was the case for computability, we will not consider finite problems 2 ; instead, we study 
the asymptotic complexity of a program solving a problem: how rapidly its resource usage 
grows, as the size of its input data grows to infinity. 

2 The difficult field of Kolmogorov complexity [110] concerns efficiency of computations on purely finite 
problems. 
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Complexity theory has as yet a great many unsolved open questions, but has evolved 
a substantial understanding of just what the intrinsic complexity is of many interesting 
general and practically motivated problems. This is reflected by a well-developed clas¬ 
sification system for “how decidable” a problem is. Computability theory has similar 
classification systems, for “how undecidable” a problem is [100], [155], but this subject 
is beyond the scope of this book. 

15.2.2 Robustness of ptime and pspace 

The concepts we attempt to capture all involve computational resources, the central ones 
being time, space, and nondeterminism (the ability to “guess”). 

First, we define what it means to decide a problem within a given time bound. Second, 
we define what it means to decide a problem within a gwenspace bound (i.e., a limit on 
memory or storage) . The third “resource,” nondeterminacy, will also be introduced and 
discussed. 

These definitions will require some discussion since not entirely straightforward, partly 
due to the multitude of our machine models, and partly to some near-philosophical 
questions about “what is a fair time or space cost?” when input size grows toward 
infinity. After carefully investigating “fair” resource measures, we will establish that: 

1. Computability, up to linear differences in running time , is equivalent for F, WHILE, 
and GOTO. 

2. Computability, up to polynomial differences in running time , is equivalent for all 
of: F, WHILE, GOTO, SRAM, and TM. 

3. Computability, up to polynomial differences in memory usage , is equivalent for all 

of: F, WHILE, GOTO, SRAM, and TM. 

Invariance of polynomial-time computability 

Conclusion 2 supports (or will, once proven) a strong “robustness” result: The class 
ptime, consisting of all problems solvable in time polynomially bounded in the size of 
the problem’s input, is essentially independent of the computation model being used 3 . 

The assertion that ptime l 2 is the same class of problems for all reasonable sequential 
(that is, nonparallel) computational models L could well be called Cook’s thesis , after 
Stephen C. Cook, a pathbreaking researcher in computational complexity. A stronger 

3 Conclusion 1 is not as strong since it involves fewer machine types, and it seems likely that the 
property of linear time solvability in fact depends on the machine model used. 
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version, analogous to the Church-Turing thesis but most likely too strong, is to identify 
PTIME with the class of all tractable, or feasible problems. 

The complexity equivalences in points 2 and 3 above do not concern either the counter 
machine or the unrestricted RAM. Informal reasons: counter machines have so limited an 
instruction set that solving even trivial problems can take nonpolynomial computation 
time. The full RAM model has the opposite problem: it can solve some problems faster 
than is realistic on actual computers (Section 16.5 contains a more detailed discussion). 

Conclusions 2 and will be shown by following arcs in the cycle SRAM —> TM —> GOTO —> 
SRAM: We will show how, for each arc L —> M in the cycle, to construct, for an arbitrary 
L-program p, an equivalent M-program q whose running time is polynomially bounded in 
the running time (resp. space usage) of p. In essence we will traverse the central loop of 
Figure 8.1, with one exception: a GOTO program will be directly simulated by an SRAM 
program, bypassing the counter machines of Figure 8.1. 


15.3 Computational resources and problems 

We deal with such questions as: what is the most efficient way to solve a given problem? 
Such a question is quite difficult to answer because it quantifies over all possible correct 
algorithms for the problem. Nevertheless we will establish lower bounds on needed re¬ 
sources (time or space) for some problems: proofs that any algorithm solving the problem 
within a certain programming language must use at least at certain amount of computing 
resources. 

Establishing that problem A cannot be solved in time f(n) amounts to proving that 
no matter how any program p is written , if p solves A then it must take more than f(n) 
amount of time on some inputs of size n. Such results can only be proven in precisely 
defined contexts, and even then are not at all easy to obtain. 

On the other hand, there exist some problems that have no best algorithm : The 
famous Blum speedup theorem (Chapter 20) says that there are problems such that for 
any program p whatever that solves the problem, there is another program q also solving 
the problem that is much faster than p on all but finitely many inputs. 

In this book part we are primarily concerned with the following question. When do 
added computational resources provably increase problem-solving ability? For instance, 
is there a problem P solvable by no algorithm whatsoever that runs in time n 2 (where 
n is the size of the input data), but which can be solved by at least one algorithm that 
runs in time n 3 ? We will see that the answer is “yes.” 
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A similar question: given time resource bound function /, are there problems solvable 
in time b • /(n), but not in time a - f(n) for some constants a <b? (Here, again, n is the 
size of the input data.) In other words, do constant time factors matter for problems 
solvable in time 0(/(n))? We will see that the answer is “yes” for the programming 
language I. 

As a special case, we prove that constant time factors are indeed important , even 
within linear-time solvable problems; thus confirming in theory what one tends to think 
from practical experience. Practice can, however, only establish positive results such as: 
problem A can be solved in time f(n). Negative results are much harder, as it is clearly 
inadequate to say “I tried to solve this problem in this way ..., but failed.” 

What problems are solvable in bounded time or space? 

Our goal is to investigate the relative computing power of the above mentioned models 
for solving problems, given bounds on programs' running times or space usage. This 
leads first to asking the question: “what is a problem?” 

If a problem is to compute a function f(x) there is a risk of a trivial answer: given 
more time, more problems can be solved simply because a larger result f(x) can be 
written out if more time is available(l). Such answers give little real insight into the 
relation between available resources and problem-solving power, so we restrict ourselves 
to decision problems. 

A decision problem is given by a subset A C L -data for some language L. The problem 
to be solved is, when given an input data value x G L -data, to answer the question: Is 
x G A? 

In the remainder of the book for simplicity of exposition we will, unless explictly 
stated otherwise, assume L is an imperative language as described in Section 7.1, with 
programs of form: p = Thus a computation is a linear sequence of states 

p \~ si —> S 2 —>•••—> St. This naturally describes computations by all the languages seen 
so far, except for the functional languages. 

Nondeterminism 

Many practically interesting but apparently intractable problems lie is the class nptime, 
a superset of ptime including, loosely speaking, programs that can “guess” (a precise 
definition will appear later.) Such programs can solve many challenging search or op¬ 
timization problems by a simple-minded technique of guessing a possible solution and 
then verifying , within polynomial time, whether or not the guessed solution is in fact a 
correct solution. 
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The ability to guess is formally called “nondeterminism” (hence the N in nptime) 
and will be discussed in a later chapter. The concept involves a so-called angelic inter¬ 
pretation. By this view a membership decision problem is nondeterministically solvable 
if for each “yes” instance there exists one or more correct guess sequences leading to ac¬ 
ceptance of the input, and for each “no” instance, no guess sequence at all can possibly 
lead to answering “yes.” 

For practical purposes it is not at all clear how, or whether , nondeterministic poly¬ 
nomial-time algorithms can be realized by deterministic polynomial-time computation. 
This well-studied problem “ptime = nptime?,” often expressed as “P = NP?,” has been 
open for many years. In practice, all solutions to such problems seem to take at least 
exponential time in worst-case situations. It is particularly frustrating that no one has 
been able to prove no sub exponential worst-case solutions exist. 

15.4 ptime and tractability 

An extension of Cook's thesis would be to argue that the class of all computationally 
tractable problems comprises exactly those that lie in ptime. This is a useful working 
assumption in many circumstances, but should not be taken too literally. 

Identification of ptime with the computationally tractable problems is less solidly 
founded than the Church-Turing thesis, which concerns computability in a world of 
unlimited resources. Reasons for a certain skepticism include two facts: 

• An algorithm running in time |x| 100 can hardly be regarded as computationally 
tractable for inputs with |x| > 2; 

• There exist algorithms that run in a superpolynomial time bounds in the worst case, 
but which work quite well in practice and with small constant factors. Examples: 

— The Simplex method for linear programming can take exponential time in 
the worst case, but works very well in practice for finding optimal solutions 
to systems of linear inequalities. In this interesting case, there exist alterna¬ 
tive algorithms that are truly polynomially time-bounded (e.g. the “ellipsoid 
method”), but all seem to have unacceptably large constant time factors for 
practical use. 

— Type inference in the programming language SML [129] has been proven to 
take exponential time in the worst case, regardless of the algorithm used , but 
again works well in practice. 
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There are, as well, a number of arguments in favour of identifying ptime with tractabil- 
ity. While admittedly not a perfect fit, the class ptime has good closure properties, so 
reasonable operations on problems in ptime or on programs running in polynomial time 
do not take us outside the class. Further, the class has many alternative characterizations 
and theorems, making it mathematically appealing to work with. 


15.5 A proper hierarchy based on constant time 

factors 

The constant speedup theorem , well known from Turing machine based complexity theory, 
in essence states that any program running in snperlinear time can be rewritten so as 
to run faster - by any preassigned constant factor. This counterintuitive result will be 
proven false for a natural imperative programming language I that manipulates tree- 
structured data. This relieves a long-standing tension between general programming 
practice, where linear factors are essential, and complexity theory, where linear time 
changes are traditionally regarded as trivial. 

Specifically, there is a constant b such that for any a > 1 there is a set X recognizable 
in time a-b-n but not in time a-n (where n is the size of the input.) Thus the collection 
of all sets recognizable in linear time by deterministic I-programs, contains an infinite 
hierarchy ordered by constant coefficients. Constant hierarchies also exist for larger 
increases from time bounds T(n) to T'(n ), provided the bounds are time-constructible 
in a natural sense. 


15.6 A backbone hierarchy of set membership 

problems 

Various combinations of these resources lead to a widely encompassing “backbone” hier¬ 
archy : 

RDONLY C NRDONLY C PTIME C NPTIME C PSPACE = NPSPACE C REC C RE 

where RDONLY denotes the class of all problems decidable by “read-only” algorithms 4 (i.e. 
without rewritable storage), and ptime and PSPACE denote those problems solvable in 


4 This problem class will be seen to be identical to the Turing-machine-defined class LOGSPACE. 
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time and space, respectively, bounded by polynomial functions of the problem’s input 
size. Classes nrdonly, nptime, npspace denote the problems decidable within the 
same bounds, but by nondeterministic algorithms that are allowed to “guess”; and REC, 
RE are the recursive and recursively enumerable classes of decision problems already 
studied in Chapter 5. 

Invariance of with respect to problem representation 

The significance of this hierarchy is that a great number of practically interesting prob¬ 
lems (e.g. maze searching, graph coloring, timetabling, regular expression manipulation, 
context-free grammar properties) can be precisely located at one or another stage in this 
progression. 

Its significance is notably enhanced by the fact that the placement of a problem 
within the hierarchy is in general quite independent of the way the problem is described. 
For example, a problem concerning graphs will appear in the same complexity class 
regardless of whether the graphs are represented by connection matrices or by adjacency 
lists. (There are a few exceptions to this rule involving degenerate problem instances, 
for example extremely sparse graphs, but such exceptions only seem to confirm that the 
rule holds in general.) 

A collection of open problems 

A long-standing open problem is whether the “backbone” inclusions are proper. Many 
researchers think that every inclusion is proper, but proofs have remained elusive. All 
that is known for sure is that nrdonly C PSPACE, a very weak statement. 

15.7 Complete problems for (most of) the problem 

classes 

In spite of the many unresolved questions concerning proper containments in the “back¬ 
bone,” a great many problems have been proven to be complete for the various classes. 
If such a problem P is complete for class C, then it is “hardest” in the sense that z/it lay 
within the next smaller class (call it B with B C c), then every problem in class C would 
also be in class B, i.e. the hierarchy would “collapse” there, giving B = C. Complete 
problems are known to exist and will be constructed for every class in the “backbone” 
except for rdonly (since no smaller class is present) and REC (for more subtle reasons.) 
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15.8 Intrinsic characterizations of logspace and 

ptime 

The classes LOGSPACE and ptime have been traditionally defined by imposing space, 
respectively time, bounds on Turing machines. We will give two “intrinsic” characteri¬ 
zations, free of any externally imposed bounds. In particular, we will see that LOGSPACE 
is identical to the class RDONLY of problems solvable by WHILE-programs that do not 
use the cons operation; and that ptime is identical to the class RDONLY rec of problems 
solvable by the same programming language, extended by recursion. We anticipate the 
first result briefly as follows. 

Read-only computation models A one-tape Turing machine with input length n 
can run for time 2°( n \ i.e. exponential time, without ever moving its read/write head 
beyond the boundaries of its input string d. This time bound is “intractable,” i.e. well 
beyond the running times of practically usable algorithms. This problem thus motivates 
a study of space bounds that are small enough to give running times closer to practical 
interest: smaller than n = |d|, the length of the input. 

A solution is to use “read-only” models that allow only read-only access to the input 
value d and, when measuring program space consumption, to count only the “workspace” 
that is used over and above the input length. (This is intuitively reasonable, since read¬ 
only input will remain unchanged during the entire computation.) We will see that the 
following all define the same class of decidable problems: 

• Read-only Turing machine programs whose work space is bounded by £dog(|d|) for 
some k and all d 

• Read-only counter programs such that each counter value is bounded by |d|, or a 
polynomial in |d 

• GOTO programs without “cons,” i.e. that use no additional space at all, beyond the 
input d 

Further, all problems in this class will be seen to lie in ptime (though whether the class 
is a proper subset of ptime is still an open question). 
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16 Measuring Time Usage 


Parts I-III concerned only the limits of computability and completely ignored questions 
of running time and space, except for the very informal treatment of time in Chapter 
6. In the remainder of the book we mainly consider imperative languages, as described 
in Section 7.1. Two tree-manipulating imperative languages will be the main focus: the 
languages GOTO and I of Sections 7.2 and 4.2. 

We will need to be much more precise about running time and space than before, 
partly to be able to prove theorems concerning what can or cannot be done within various 
resource bounds, and partly to justify that these results reflect facts about real-world 
computations (at least in contexts where resource bounds may be expanded whenever 
needed). 

16.1 Time usage in imperative languages 

An imperative language L has programs of form p = Ii ... I m , and states of form s = (£, a) 
where 1 < £ < m+1 and a is a store whose form depends on the particular language being 
studied. In an imperative language a computation is a sequence of state transitions 
p b si —* s 2 —» ... —» s t from initial state s i to terminal state s t = (ra+ l,cq). 

16.1.1 Some simplifications 

For technical convenience we make some small changes in the machine or programming 
models seen earlier, and precisely define program running times in the revised computa¬ 
tion models. The main changes are the following. None affect the class of problems that 
can be solved, though some problem’s representations may be encoded. Their aim is to 
provide better descriptions of computations within limited time or space resources (with 
fairer cost assignments, or technically more manageable.) 

• All the computation models will consistently use a fixed input set , namely L -data 
= {0,1}* or L -data = D 0 i, a subset of ID isomorphic to {0,1}*. This will make it 
easier to compare various models, without having continually to invoke data coding 
and decoding functions. 

• The input to an SRAM program is a read-only string ai ... a n G {0, l}*. Initially all 
registers are set to zero, except that register R0 will be initialized to n. 
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16.1.2 The unit-cost time measure 

Recall Definition 6.1.1 of a timed programming language L. The simplest time measure is 
the unit cost time measure, quite commonly used in complexity theory: 


Definition 16.1.1 For an imperative language L, the function time L : L —programs 
(L— data— > IN ±) is defined as follows, for any p G L— programs, d G L— data: 



t if p b si —» S 2 —> ... —■» s t , and s i = (l,Readm(d)), and s t is terminal 
J_ otherwise 


This associates with any completed computation pbsi^S 2 ^...—> s t the number of 
transition steps t it takes. This seems reasonably faithful to daily computational practice, 
but some special cases can be questioned: the cost of cons and =? in the GOTO language, 
and the cost of RAM operations in case register values or memory sizes become extremely 
large. These will be discussed carefully below in Sections 17.1 and 16.5. 

A “non-unit-cost” measure will account for differences in time that executing individ¬ 
ual instructions may take. The idea is to assign a cost to each instruction as it is executed 
(perhaps depending on the current store a ), and to let the cost of a computation be the 
sum of the costs of its individual steps. 


16.2 Relating binary trees and bit strings 

Before continuing, there is a difference in data sets that must be reconciled: Turing 
machines read bit strings, and counter machines read numbers, whereas our WHILE, GOTO 
and other languages read binary trees. Function bin of Chapter 8 maps numbers into bit 
strings, so all we need is a way to represent a bit string in {0,1}* as a binary tree in D, 
and vice versa. 


Isomorphism of {0,1}* and a subset of D 

We regard 0, 1 as standing for standard encodings in ID of nil and (nil.nil), respec¬ 
tively. Clearly any D-value in the set IDqi generated by the following grammar 


D01 


nil 


(nil . D01) 


((nil.nil) . D01) 
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can be regarded as a string from {0,1}*. Further, string G {0,1}* with a* G {0,1} 

can be regarded as an element of Dqi by the coding c : {0,1}* —>• D 0 i defined as follows, 
using the list notation of Section 2.1.5: 

c ( a l a 2--- a fc) = ( a l a 2• • - a n) £ ®01 

Treating all of D 

Our restriction to the subset JD 0 i °f ID makes things simpler, but is by no means essential. 
A coding of arbitrary D elements is easy to define and work with, with for example 
: ID —» {0,1}* representing d G ID by its “Polish prefix form” in {0,1}*. This is 
obtained by traversing its tree structure in preorder, writing 0 every time nil is seen, 
and 1 every time an internal “cons” node is seen. 

The constructions seen below could be carried out using the full ID, at the expense 
of some complications (see Exercise 16.3). 

16.3 Comparing times between computation models 

We now refine the definition of “simulation,” as formulated by Definition 3.1.2, to include 
time factors. For complexity purposes it will often be necessary to compare the efficiency 
of source and target programs of some simulation. 

The following is expressed assuming two timed languages, L and M with L -data = 
M -data; but it is easily generalized with respect to simulations with respect to a 1-1 data 
coding function c : L -data — » M -data. 

16.3.1 Comparing languages 

Definition 16.3.1 Suppose one is given two timed programming languages, L and M 
with L -data = M -data. Then by definition 1 

1. L ~<P Urne m if every for L-program p there is an L-program q such that [[p]] L = [[q]] M 
and a polynomial f(n) such that for all d G L— data 

time^(d) < f(time^(d)) 

In words: M can simulate L, up to a polynomial difference in time. 

1 To avoid trivial exceptions, the requirements only apply to programs p and languages S such that 
d| < time p(d) for all data d. This is not unreasonable, since a program running in time less than this 
would be unable to examine all of its input data. 
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2 l M if every for L-program p there exists a constant a p > 0 and an L-program 

q such that Jp]] L = [[qJ M and for all d G L— data 

time^d) < a p • time^(d) 

In words: M can simulate L, up to a linear difference in time. Here a p is called 
the overhead factor. It can be either less than 1 ( speedup ) or greater than one 
(slowdown). 

3. L =P tirne M iff L -<P Urne M and M -<P Unie l. In words: L and M are polynomially 
equivalent. 

4. L = hnUrne M iff L -< hntirne m and M -< hntirne l. In words: L and M are linearly 
equivalent. 

Lemma 16.3.2 Let xxx be either ptime or lintime. If L :< xxx M and M : < xxx N, then L 
■< xxx N. Consequently L -< xxx M ■< xxx L implies L = xxx M. 

Proof. The composition of two polynomials, or of two linear functions, is also polynomial 
or linear. □ 

16.3.2 Program-dependent or -independent overhead 

We now define a more refined version = hnt,irne -P9-^ d G f linear-time simulation, a subtle 
difference that will turn out to be important in Chapter 19 in connection with the lan¬ 
guages I and F. Chapter 19 will proven that among the programs that solve problems 
within linear running time, a difference of even a constant factor can make a provable 
difference in programs’ ability to solve problems. In preparation for this, we now describe 
program simulation in more detail than seen above. 

Definition 16.3.3 Suppose one is given two timed programming languages, L and M 
with L -data = M -data. Then by definition 

1. L -^}' Lntme --P9-' ind m if there is a constant a > 0 such that for every L-program p 
there exists an M-program q such that [[p]] L = [[qJ M and for all d G L —data 

time^(d) < a - time^(d) 

In words: M can simulate L up to a program-independent linear time difference (or 
overhead factor) a. 
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2 l —lintime—pg—ind ^ lintime—pg — ind aa q M -<^^ n ^ rne ~P9~^ n( ^ p In words - 



and M are strongly linearly equivalent. 


The only difference between program-independent and program-dependent linear over¬ 
head as in Definition 16.3.1 is in the order of the quantifiers. The program-independent 
version is stricter since the same constant a has to suffice for all programs p. 

Lemma 16.3.4 If L -< lintime-pg-ind anc [ ^ ^lintime—pg—ind then L -<' lintirne -P9~ ind 
N Consequently L -< lintirne -P9- ind ^ ^lintime—pg—ind L implies p =Hntime-pg-ind jyj 


Proof. The composition of two program-independent linear functions is also a program- 
independent linear function. □ 


16.4 Tree-manipulating programs 

16.4.1 Henceforth: only atomic comparisons 

In Section 2.3 it was shown that any program using tree comparison operator =? could be 
replaced by an equivalent one using only tests on nil. Consequently in the remainder of 
this book we assume that tree-manipulating programs only compare values only against 
the atom nil, and that such a comparison has unit time cost. Remark: this avoids any 
need to have the operation =?, since its effects can be achieved using if and while. 

16.4.2 GOTO revisited 

The language GOTO will henceforth have the following syntax (slightly restricted) and 
semantics, and running times: 

Definition 16.4.1 Let program p = Ii. . . I m , and let Vars be a countable set of vari¬ 
ables. We use the conventions d,e G ID and X, Y, Z G Vars. The informal syntax of GOTO 
is given by the following grammar for instruction forms where d G ID: 

I ::= X := d | X := Y | X := hd Y | X := tl Y 

I X := cons Y Z | if X goto i else t! 

Labels t in if statements must be between 1 and ra + 1. Program semantics [[p] G ° T °(d) 

is as in Definition 7.2.2. Program running time time^ 0T0 (d) is given by the unit-cost 
measure of Section 16.1.2. □ 
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16.4.3 Running times of WHILE programs 

Conceptually, this is very simple: one counts one time unit for each operation or test 
performed on data during execution. Technically, we use parts of the definitions of £ etc. 
from Section 2.2. 


Definition 16.4.2 Given a store a containing the values of the variables in an expression 
E, the function T maps E and a into the time T[[E]]a G IN taken to evaluate E. Function 
T : Expression —» (Store p —» IN) is defined by: 


TJX] a 
T[[d]cr 
T[[hd Ejcr 
T\tl Eflcr 
T[[cons E FJcr 


1 

1 

1+T[E]]<7 
i+t|[e](7 
l + T[[E]]a + T[[F]]a 


□ 

Given a store cr, the relation C \- Urne <j => t expresses the fact that t time units are 
expended while executing the command C, beginning with store a. (If command C does 
not terminate in the given store cr, then there will be no t such that C \- Urne a =>t.) By 
definition C \- tirne <j t is the smallest relation satisfying: 


X :-E 

|_time _ 

^ t T 1 

C; D 

|_time q _ 

r* t T i! 

while E do C^ time a = 

r* t T 1 

while E do Cl- time (j = 

r” t T t' T 1 


if T[[E]]<t = t 

if Ch timc <7=>*,C|-<7-><7', 

and D h time a' => t 
if TjEjcr = t and 5 [[E]]<j = nil 
if T[[E]]<t = t and 5[[E]]cr ^ nil and 
C; while Edo C \- tirne cr => £ 



16.5 Fair time complexity measures 

Since all our programs are imperative, the most natural cost to assign to a computation 
is the sum of the costs of its individual steps. The “unit cost per operation” model will 
consistently be used unless other measures are specified. Thus Turing machines and the 
GOTO language use unit cost, whereas WHILE and I use time as specified by Definition 
16.4.2. 
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One-step instruction times for random access machines can be defined in more than 
one way, and some are closer to daily computational practice than others. 

Time measures on the counter machine CM do not give much insight. The problem 
is that the CM instructions are too weak to solve interesting problems within reasonable 
time, since in any one instruction, a counter may change in value by at most 1. We 
will see, however, that a reasonable measure of computation space can be defined for a 
counter machine. 

The full RAM model has somehat the opposite problem under the unit-cost model, if 
memory cells are unlimited in value: its instruction set is typically too strong to yield 
a reasonable time measure. The problem is one of data value size: if instructions such 
as X:=Y+Z are allowed, executing X:=X+X k times will multiply X's value by 2 k ; and an 
instruction X:=X*X (allowed on many RAM models) can, if repeated, construct extremely 
large values within short time. 

A symptom of this problem is that some problems known to be “NT-complete” (pre¬ 
sented later in this book) can be solved in polynomially many steps on the unlimited RAM 
model [159]. One solution to this problem is to use a nonuniform cost measure, in effect 
“charging” instructions according to how large the values are that they manipulate. This 
leads to the logarithmic cost model discussed below. 

Another solution, which we will use, is to limit the RAM model to be a “successor RAM” 
or SRAM, with indirect addressing to load and store data, but only with data computation 
instructions X:=Y+1 or X:=Y-1. We will see that this yields the same class PTIME under 
unit time costing as Turing machines and other models. Further, it is essentially equiv¬ 
alent to “impure Lisp,” meaning Lisp with instructions to change already existing cells 
via operations such as SETCAR! or RPLACA. Another equivalent formulation is Schonhages 
storage modification machine [160]. 

16.5.1 Random access machine instruction times 

There is some controversy about what a “fair charge” should be for instruction times on 
a RAM, for at least two reasons. First, the model is fairly close to actual machine hardware 
instruction sets to relate its computation times to those we deal with in practice (unlike, 
for example, the counter machine). Second, the model allows arbitrarily large natural 
numbers to be stored in its registers or memory cells — a feature in conflict with the 
first. 

It is not easy to get around allowing arbitrarily large values in memory cells, since 
if one assumes all cells are finite then the machine becomes a kind of finite automaton. 
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While interesting in themselves and useful for many purposes (e.g. lexical analysis in 
a compiler), finite automata are not Turing complete , and daily Computer Science al¬ 
gorithms become quite unnatural when truncated to fit within finitely bounded word 
sizes. 

We here have a paradoxical situation: that the most natural model of daily computing 
on computers, which we know to be finite, is by means of an infinite (i.e. potentially 
unbounded) computation model. This question can be discussed at great length, which 
we will not do here. One element in such a discussion, though, would surely be the 
fact that we carefully design and build our computers to provide a faithful model of 
a mathematical world, e.g. great attention is paid to ensure that an ADD instruction 
behaves as closely as possible to the idealized mathematical addition function, as long as 
‘overflow” does not occur. 

Consequently it would seem unnatural not to model our descriptions of computer 
capacities on mathematical idealizations, at least until one exceeds limits due to word 
size, run time cost, or memory capacity. It is also relevant that today’s computers are 
extremely fast and have very large memories, so such limitations are not encountered as 
often as in the earlier days of our field. 

Back to the point of assigning fair costs to the RAM model. Hardware factors relevant 
to “fair costing” can include: 

1. Should the size of the data being manipulated be considered? 

One view: one data item fits into one machine word, which takes a constant time 
to fetch or store. 

Another view: very large data values take longer to manipulate, and this should 
be accounted for in the instruction cost. 

2. Should program-dependent factors be included? 

A basic example is the address (index) of an explicitly named program variable. 
Some other examples follow. 

3. Should the time to locate the current instruction be included? 

4. What effect does instruction pipelining have on times? Should a linear sequence of 
instructions be charged less time than code with control transfers? 

5. What about page faults, or data or instruction cache misses? These involve distinc¬ 
tions between data in local memory, e.g. on the chip with the CPU, and memory 
held in a global store. 

6. Computer circuits exist in three-dimensional space, so time (^(n 1 / 3 ) is surely a 
lower bound in the limit for the time to access data at address n. (Actually time 
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0(n 1 / 2 ) could well be argued, due to the essentially two-dimensional nature of 
today’s layered circuit technology.) 

These are much larger than the logarithmic cost assumed in many “realistic” models 
(see below.) 

Points 4 and 5 make “only constant differences,” but constant factors that are sometimes 
large enough to be critical. Following are the two most popular RAM cost models. 

16.5.2 Two time cost models for the RAM 

The unit-cost measure. As for Turing machines, this charges 1 step for any current 
instruction It. 


The logarithmic-cost measure. This charges to each operation a time proportional 
to the number of bits occupied by its operands. The reasoning is that data are tradi¬ 
tionally stored in binary form, and it takes more time to manipulate longer data values. 
Further, the same reasoning is applied to addresses or register numbers involved in indi¬ 
rect fetch and store operations. 

Some literature accounts for point 1 above, some accounts for point 2, and most of 
the literature ignores the remaining points. Accounting for 1 and 2 gives the following 
instruction time charge (ignoring constants). The idea is to “charge” time proportional 
to the number of bits manipulated by each instruction when executed. 

Instruction form Execution time, given store a 


Xi := Xi+1 
Xi := Xi-1 
Xi := 0 

if Xi=0 goto t else t! 
Xi := Xj 
Xi := <Xj> 

<Xi> := Xj 


log z + log cr(i) 
log z + log a(i) 
logi 

log z + log a(i) 

log i T log j T log a (j) 

log i + log j + log cr ( j ) + log cr ((7 ( j ) ) 

log i + log j + log cr ( i ) T log cr ( j ) 


Which time measure is more realistic? We will see that, when discussing poly¬ 
nomial time bounds and the class ptime, it makes little difference which time measure 
is chosen. However, these factors become highly relevant if we discuss either or both of 
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linear time computability , or the effect of increasing both data and storage size toward 
infinity. 

The assumption that both data and storage size can grow toward infinity implies a 
computing model where more and more hardware or circuitry is needed. It thus models 
one aspect of distributed computing , e.g. situations involving very large data bases, but 
not daily practice within a single stored-program computer. 

In spite of the argument that one should “charge” time proportional to the address 
length for access to a memory cell, or a dag or graph node, this is not the way people 
think or count time when they program. Memories are now quite large and quite cheap 
per byte, so most programmers need to take little account of the time to access memory 
in external data storage. 

Further, computer memories are carefully designed to make pointer access essentially 
a constant time operation , so users rarely need to be conscious of address length in order 
to make a program run fast enough. In practice computer hardware is fixed: word sizes 
or memory capacities cannot practically be increased on demand. 

An analogy is with arithmetic: Even though the computer certainly cannot deal with 
arbitrary integers, it is carefully designed to model operations on them faithfully as long 
as they do not exceed, say, 32 bits. Given this fact, programmers have the freedom 
to assume that the computer faithfully realizes the world of arithmetical calculations, 
thinking of his or her problem and ignoring the computer's actual architecture unless 
boundary cases arise. 


Our choice of SRAM timing 

We are especially interested in problems that can be solved within small resource usage, 
for example linear time algorithms and those using limited storage (e.g. logarithmic 
space). Such programs simply do not run long enough to fill astronomically many memory 
cells, or to create long addresses or values. Thus for the purpose of this book we feel 
that the unit-cost SRAM model is more faithful to daily programming, and so take it as 
our model. This view is admittedly biased toward problems with reasonable memory 
requirements, where time is the limiting factor of greatest practical interest. 

Fortunately, the SRAM model above is so restricted that long addresses or values take 
significant computation time to create. However if, for example, multiplication were 
allowed as a primitive operation, extremely large values could be constructed in a short 
time, bringing the fairness of the unit-cost time measure into question. 
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Exercises 

16.1 Find a program-independent bound on the slowdown of the translation in Propo¬ 
sition ??. □ 

16.2 Find a program-dependent bound on the slowdown of the translation in Proposi¬ 
tion 3.7.4 as a function of p. □ 

16.3 The purpose of this exercise is to show how to modify the coding between bit 
strings in {0,1}* and binary trees d G IDoi of Section 16.2 to include all of D. Coding 
Co represents d G ID by its “Polish prefix form.” This is obtained by doing a preorder 
traversal of its tree structure, writing 0 every time nil is seen, and 1 every time an 
internal “cons” node is seen. 

Formally it is defined by co(nil) = 0,co(dl.d2) = lco(dl)c]D(d2). Figure 16.1 shows 
an example. 



co(((nil.((nil.nil).nil)).nil)) = 110110000 


Figure 16.1: Polish prefix code for a binary tree. 


The exercise is to prove the following: 


1. |co(d)| = 2 |d| — 1 for all d G D. 

2. cjd is one-to-one. 

3. Let the balance bal(x) of x = ai... a n G {0, l}* be the number of l’s in x minus the 
number of 0’s in x. Then x = co(d) for some d G ID if and only if bal(x) = — 1, and 
bal(y) > 0 for every prefix y = a!... a* of x with i < n. 
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The lemma gives a simple algorithm to determine whether a bit string corresponds to a 
tree: initialize a counter to 1, and scan the bit string from the left. Add 1 every time a 
1 is seen and subtract 1 whenever a 0 is seen. The string represents a tree if and only if 
the counter equals 0 when the scan is finished, and never becomes negative. 

Hint: Part 3 can be used for part 2. □ 

References 

The random access machine was introduced by Shepherdson and Sturgis in 1963 [163]. 
Discussions of the delicate issue of what is a fair time cost measure are found the the book 
by Aho, Hopcroft and Ullman [2], and in articles by Schonhage and by Jones [159, 78]. 




17 Time Usage of Tree-manipulating 
Programs 


17.1 A DAG semantics for GOTO 

To deserve its name, complexity theory must concern realistic models of program be¬ 
haviour. In this (admittedly low-level) chapter we examine several basic assumptions, 
hoping that the discussion will give greater faith that our complexity models faithfully 
capture intuitive complexity concepts. 

As in the preceding chapter, nil will be the only atom used in any construction 
or definition henceforth — even though for the sake of readability we may use other 
atomic abbreviations in examples, for instance 0 and 1 as alternate ways to write nil 
and (nil.nil). Extension to multiple atoms is straightforward but more complex. 

17.1.1 Justification of unit cost timing for GOTO programs 

We have assumed every elementary operation cons, hd, etc. as well as every conditional 
to take one time unit in GOTO, and similar costs appear in WHILE. These costs may 
seem illogical and even unreasonable since, for example, command X := cons Y Y binds 
to X a tree with more than twice as many nodes as that bound to Y. 

In fact, it is reasonable to assign constant time to a cons operation and the oth¬ 
ers using the data-sharing implementation techniques common to Lisp and functional 
programming languages. In this section we give such a semantics for GOTO. 

The first subsection introduces a certain form of graphs. The second subsection 
reveals the connection between these graphs and elements of ID. The third subsection uses 
the graphs to state the new semantics and the fourth subsection proves the correctness 
of the new GOTO semantics with respect to the standard GOTO-semantics. The last 
subsection sketches a Pascal-like implementation of the semantics, which will be used in 
later chapters. 

Definition 17.1.1 

1. A DAG is a directed acyclic graph. 

2. A data-storage graph (DSG for short) is a DAG with the following properties: 
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(a) Every node has either no out-edges or two out-edges. The first is called an 
atom-node , and the second is called a cons-node. 

(b) For every cons-node, one out-edge has label l and the other has label r. The 
node pointed to by the edge with label / is called the left child of the cons-node, 
and the node pointed to by the edge with label r is called its right child. 

(c) There is only one atom-node, named node 0, to represent atom nil. 

3. A rooted DSG is a DSG together with a designated node chosen as the root. A 
DSG may have nodes that are unreachable from its root. 

4. Suppose S is a DSG with two nodes ni,n 2 , and let n be a fresh node not already 

in S. Then add(5,ni,ri2,n) is the DSG obtained by adding the node n to 4, and 
adding an edge from n to n\ labelled /, and a node from n to 77-2 labelled r. For 
instance, the DSG in the right of Figure 17.1 could arise from the one to its left by 
an add(5,ni,n 2 ,n) operation. □ 

Figure 17.1 shows two example DSGs; consider the leftmost one. (It represents 
((nil.nil) . (nil.nil)), which can also be written as (1 0) or even (1.1).) For 
simplicity, the labels l and r have not been written; instead the same information is 
represented by the physical horizontal relationship between the edges on paper. There is 
in reality only one node labeled nil, but we have duplicated it to make it easier to read 
the diagrams. 




Figure 17.1: Two example DSGs 
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17.1.2 From D to DSGs and back 

In connection with the DAG semantics we shall view elements of ID as DSGs, and con¬ 
versely. To view a DSG S as an element of ID we unfold it from a given node n to give 
the value unf(S,n) G ID. 

Definition 17.1.2 Given a d G D define a DSG 5 = dag(d,n) with root node n as follows. 

1. if d is the atom nil then 5 consists of the dag with one node named 0. 

2. if d = (di.d 2 ) then S has a root n, which has edges to n\ and n 2 where n\ and 77-2 
are the roots of the DSGs for di and d 2 , respectively. 

Definition 17.1.3 Given a DSG 5 and a node n in 5 define d = unf(5,n) G ID as follows. 

! 0 if n = 0 is an atom-node for nil 

(di.d 2 ) Where unf(ni,5) = di and unf(n 2 ,S) = d 2 and 

n is a cons-node with left child n\ and right child 77-2 

For example, let 5 be the leftmost DSG in Figure 17.1, and n its topmost node. Then 
7777/(^,77-) = ((nil.nil).(nil.nil)) = (l(O.nil)) = (1 0). 

During execution in GOTO, the DAG semantics builds a DSG S. Rather than binding 
a variable X to a value d G ID, the execution binds X to a node in the DSG. To do this, 
it will use an environment p : Vars(p) —> DagNodes. Instead of binding variable X to the 
atom nil, X will now be bound to atom-node 0, and instead of binding variable X to a 
pair (di.d 2 ), the new semantics will bind X to a cons-node. For an example, consider the 
reverse program seen in Section 7.2. 

0: read X; 

1: Y:= nil; 

2: if X then goto 4; 

3: goto 8; 

4: Z := hd X; 

5: Y := cons Z Y; 

6: X := tl X; 

7: goto 2; 

8: write Y 

Consider this program, applied to input (1 0). The left part of Figure 17.2 illustrates 
the DSG at the start: X is bound to DAG structure for (1 0) = ((nil .nil) nil), while 
Y and Z point to nil. At the end of execution two more nodes have been allocated and 
Y points to the node denoting the result (0 1), the reverse of input (1 0). 
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Figure 17.2: First and last DSG in execution of reverse 


DAG semantics 

In general the DAG semantics is as follows. 

Definition 17.1.4 (DAG semantics for GOTO). Let program p = Ii; . . . ; I m with 
both input and output via variable X, and let Vars (p)={X,Zl. . . ,Zn} be the set of all 
variables in p. 

1. A store for p is a pair (5,p) where S is a DSG and p is a mapping from Vars(p) to 
nodes of S. A state for p is a pair (£,a) where 1 < t < m + 1 and o is a store for p. 

2. The initial store <Tg(d) for p with input d is (5o,/?o) where So = dag(d,l) and 

Po — [X i—> /, Z1 1 —> 0,..., Zn i—> 0] 

3. The rules for the DAG semantics of GOTO appear in Figure 17.3. We define 

HpjjDAG( d ) = e iff (1,(<5 0 ,p 0 )) (m + l,($,p)) and unj{d,p( Y)) = e 

4. We define the running time of p on input d by: 

£zraejP AG (d) = t iff (l,(4 0 ,p 0 )) (m +1,(5,/?)) 


*+1 states 
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s(S,p, a) - 

(5,0) 


Where 0 is Ts nil node. 

s(M Y ) - 

(MY)) 



s(5,p, cons Z Y) 

(add(S,p(Z),p(Y),n),n) Where n is fresh. 


[ (<*, n) 


If p( Y) is a cons-node 

s(5,p, hd Y) 

< 


with left child n, else 


1 V, 0) 


where 0 is Ts nil node. 


[ (<*, n) 


If p( Y) is a cons-node 

s(5,p, tlY) - 

< 


with right child n, else 


( (8,0 ) 


where 0 is Ts nil node 

(£,a)^(£+l,(6',p[X 

'-►«])) 

If l£ = 

X:=E, cr= (S,p), s(S,p, E) = (S',n) 

T 


If 11 = 

if X gotof' else £" and p(X) 0 

1 ? 

r-v 

JL 

b 


If U = 

if X goto A else £" and p(X) = 0 


Figure 17.3: DAG Semantics of GOTO -programs, where o= (p,S). 


17.1.3 Correctness of the DAG semantics 

Informally a DSG store (5,p) corresponds to a GOTO store a : Vars(p) —> ID if p and 
a bind the same variables, and unfolding the node bound to Z by p gives the value 
bound to Z by a. 

Definition 17.1.5 Correspondence (S,p) ~ a between a DSG store (S,p) and a GOTO 
store o is defined as follows. 

(S,p) ~ a iff dom(p) = dom(cr) and unj{S,p( Z)) = cr(Z) for all Z G dom(p) 

Theorem 17.1.6 For any program p, [[p]] DAG (d) = [[pJ G ° T °(d), that is the standard and 
DAG semantics are equivalent. 

Proof. First prove that (Ao,po) ~ for the initial stores in the DAG and standard 
semantics (use the property that unj{dag(d,ri),ri) = d). Then prove that (5,p) ~ o implies 

(£,&) —> (£',cr') for some a 

iff 

(£,{5,p)) -» (£',(6',p')) for some (6',p') 
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and that if these two reductions hold then (S ',//) ~ o'. It follows that given a program 
p = Ii ; . . . ; I m and some input d, either 


1. Neither the standard nor the DAG semantics ever arrive at label ra+ 1; 

2. Both the standard and the DAG semantics arrive at label m+lmt steps, and the 

final states (ra+l,(5,p)) and (ra+l,<r) satisfy (S,p) ~ o. If so, then unf(5,p( Y)) = 
o( Y), so the final result in the two semantics are the same. □ 


17.2 A Pascal-like implementation of GOTO 

We now give a Pascal-like implementation using arrays of the DAG semantics of flow 
chart language GOTO. This will be used for several purposes: 


• To justify the unit-cost timing used for GOTO programs, or that assigned in Section 
16.4.3 to WHILE programs. 

• To prove that the problems solvable by functional F programs without cons are 
exactly those solvable in polynomial time, in Section 24.2. 

• To prove that boolean program nontriviality and Horn clause satisfiability are 
“complete for ptime,” meaning that they are in a sense “most difficult” among 
all problems solvable in polynomial time (Chapter 26). 


17.2.1 Simulating input-free programs 

The first is now the main goal: to make it evident that each operation takes time bounded 
by a constant. As usual we assume there is only one atom, nil (the technique is easily 
extendible to any fixed finite set of atoms). The implementation technique is easier to 
explain for an input-free program, so we begin assuming no input, and then explain how 
to account for initialization for input data. 

Given a GOTO program p = Ii; . . . ; I rn with output through variable X, let 
{X,Z1. . . ,Zk} be the set of variables in p. Construct a Pascal-like simulating program 
as follows: 
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type 


var 


Index = 0..infinity; 

Node = 0..infinity; 

X, Y, Zl, ..., Zk : Node; 


Hd, T1 
Time 
Hd [0] := 0; 
X := 0; Zl 
Time := 1; 

1 : T 

2 : I 


l 


: array Index of Node; 
: Index; 

T1[0] := 0; 

= 0; ...; Zn := 0; 


(* 0 encodes nil *) 


(* 

(* 

(* 

(* 


The current step number 
So Hd and T1 of nil give nil 
Initialize all vars to nil 


Step number initially 1 
(* Code simulating p’s instructions *) 


*) 

*) 

*) 

*) 


m 

m+1 


T 

x m i 

writeout; 


The idea is that the two parallel arrays Hd, T1 hold all pointers to hd and tl substructures. 
Variables assume only node pointers as values in this implementation. A variable X has 
value 0 if it is bound to nil, and otherwise points to a position in the arrays Hd and Tl 
arrays. This position contains pointers to the first and second components of X’s value. 

For simplicity we handle allocation by using variable Time to find an unused index in 
these arrays 1 . Command 1^, which simulates command I^ for 1 < £ < m-\- 1, is defined 
in Figure 17.4. Note that each of the simulation sequences above takes constant time, 
under the usual assumptions about Pascal program execution. 


Instruction I 

Simulating instruction I 

Z 

= nil 

Z := 0; Time := Time + 1 

Z 

= V 

Z := V; Time := Time + 1 

Z 

= hd V 

Z := Hd [V]; Time := Time + 1 

Z 

= tl V 

Z := Tl [V]; Time := Time + 1 

Z 

= cons V W 

Hd[Time] := V; Tl[Time] := W; 



Z := Time; Time := Time + 1; 

if 

Z = nil goto r else s 

if Z = 0 then goto r else s 


Figure 17.4: Pascal-like implementation of G 0T0. 


We leave the actual programming of the writeout procedure as an exercise for the reader 
(Exercise 17.1). 


1 A more economical implementation could maintain a “free list” of unused memory cells. 
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17.2.2 Data initialization. 

Suppose now that program p has input d = (di d 2 ... d n ) G ID. This data has to be 
stored into the Pascal data structures Hd, Tl. One way to describe this is to assume that 
variable X has been initialized by the following sequence of instructions, inserted at the 
start of p, where Zero indicates the always-present cell 0: 

One := cons Zero Zero; X := Zero; Init n ;...Initi; 

where for 1 < i < n Init^ is: 

X := cons Zero X 


if di = 0, else 

X := cons One X 


This adds n + 2 instructions and so has the effect of incrementing every instruction label 
in p by n + 3, so the simulation should now implement GOTO code if Z = nil goto r 
else s in p by Pascal-like code if Z = 0 then goto r+n+3 else s+n+3. 

The following indicates the initial DAG built this way for input d = (1 0), coded as 
((nil.nil) nil). 



Hd[0] = Tl[0] = 0: Head, tail of nil = nil 
Hd[l] = Tl[1] = 0: Cell for One = (nil.nil) 

X = nil at start, no values in Hd[2] or Tl[2] 
Hd[3] = Tl [3] = 0: cons 0 onto X 
X = 4, Hd[4] = 1, Tl [4] = 3: cons 1 onto X 


An alternative approach. Some readers may object to the approach of building the input 
into the Pascal-like simulating program. While we will find this convenient later, there 
is a simple alternative: Just replace the line 

X := Zero; Z1 := 0;... Zn := 0; (* Initialize all vars to nil *) 


above by 

readin; Z1 := 0;... Zn := 0; (* Initialize X to d, others to nil *) 


where procedure readin reads d = (di d 2 ... d n ) and initializes Hd, Tl and sets Time to 
n+3 (all just as the initialization sequence above would do). This is Exercise 17.2. 
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Trace of an example simulation. Consider the reverse program seen before, and 
assume that it is given input X = (1 0), coded as ( (nil .nil) nil) , which is represented 
in the Hd, T1 table positions 0 through 4. This would give rise to the sequence of memory 
images in Figure 17.5, where 

Time^ = the DAG cell that variable U is bound to at time t 
Instrt = the instruction about to be executed at time t 
Hdt, Tit = the final values of Hd [£], T1 [£], respectively 

This models the right part of Figure 17.1, except that all of nil, a and b are represented 
by cell number 0. 


Timet 

Instrt 

Hd ( 

Tl* 

X* 

Y t 

Z t 

0 



0 

0 


0 

0 

1 

Initialize data at 


0 

0 


0 

0 

2 

times 


— 

— 


0 

0 

3 

t 1,... ,n + 2 


0 

0 

3 

0 

0 

4 



1 

3 

4 

0 

0 

5 

1: Y := nil 


— 

— 

4 

0 

0 

6 

2: if X goto 4 


— 

— 

4 

0 

0 

7 

4: Z := hd X 


— 

— 

4 

0 

1 

8 

5: Y := cons Z 

Y 

1 

0 

4 

8 

1 

9 

6: X := tl X 


— 

— 

3 

8 

1 

10 

7: goto 2 


— 

— 

3 

8 

1 

11 

2: if X goto 4 


— 

— 

3 

8 

1 

12 

4: Z := hd X 


— 

— 

3 

8 

0 

13 

5: Y := cons Z 

Y 

0 

8 

3 

13 

0 

14 

6: X := tl X 


— 

— 

0 

13 

0 

15 

7: goto 2 


— 

— 

0 

13 

0 

16 

2: if X goto 4 


— 

— 

0 

13 

0 

17 

3: goto 8 


— 

— 

0 

13 

0 

18 

8: write Y 


— 

— 

0 

13 

0 


Figure 17.5: Some values. 
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Memory reuse 

Practical implementations of programs manipulating tree-structured data re-use memory 
cells , in contrast to the method above which allocates a new cell every time the clock 
ticks. This is often done by organizing all free cells into a single linked list called the 
freelist. A cons operation can be implemented by detaching a cell from the freelist, and 
assigning its two fields. When memory is exhausted (assuming it is finite, unlike in the 
model above), a garbage collection phase ensues, in which cells that have no pointers 
to them are located and collected together into a new freelist (assuming there are any 
unused cells, else execution aborts). Describing such methods in more detail is beyond 
the scope of this book. 


Exercises 

17.1 Write a Pascal-like program “writeout (index)” . Its effect should be to print out 

the value in ID denoted by position index in the Hd and T1 arrays. □ 

17.2 Write a Pascal-like program “readin.” Its input should be a list (a x ... a n ) G IDoi- 
Its effect should be to initialise the Hd and T1 arrays so that cell n + 2 denotes the value 

(a^...a n ). n 


References 


The implementation ideas sketched in this chapter stem from McCarthy’s original work 
on Lisp [124]. A more pedagogical treatment can be found in Henderson’s book [67]. 
Relevant ideas are also discussed in [78, 159]. 




18 Robustness of Time-bounded 
Computation 


In Chapter 8 the term “robust” had a precise meaning: that the classes of problems 
decidable by a wide range of computation models are invariant, aside from inessential data 
encodings. Computing in a resource-limited context leads to a new aspect of robustness. 
Ideally, resource-bounded problem solvability should be: 

1 . invariant with respect to choice of machine model; 

2 . invariant with respect to size and kind of resource bound (e.g. quadratic time, 
polynomial space, etc.); and 

3. invariant with respect to problem representation (e.g. the choice to represent a 
directed graph by an incidence matrix or by adjacency lists should not make a 
complexity difference). 

In this chapter we will affirm the first two points for polynomial time bounds, and leave 
the last to Chapter 25. As before we are only interested in decision problems expressible 
by a “yes-no” answer, and not in computation of functions. 

18.1 Classifying programs by their running times 

We begin by defining a resource-bounded program class to be the set of programs that run 
within a given resource bound. Next, we define the sets of problems solvable by programs 
running within these classes; for instance the well-known class ptime is defined below to 
be exactly the set of problems solvable by programs in WHILE p ^ me . 

Consequent to the discussion of Section 16.2, we assume L -data— {0,1}* for every 
language L. Recall that |d| is the size of a data value d: the number of symbols in it if d 
is a string in {0,1}*, and the number of leaves if d is a tree in ID. 

Definition 18.1.1 Given programming language L and a total function / : IN — > IN, we 
define three sets of time-bounded programs: 

L time(f{n)) _ |p ^ L -program \ time^(d) < /(|d|) for all d G L -data} 
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j j)time 


u 


time(Xn. p(n )) 


p a polynomial 


oo 


lintime 


O 


time(\n. kn ) 


k=0 


The corresponding classes of decision problems solvable within limited time are easy to 
define. 


Definition 18.1.2 Given programming language L and a total function / : IN —»IN 


1. The class of problems L- decidable in time f is: 

time l (/) = {AC {0,1}* I A is decided by some p G 


2. The class PTIME of problems L- decidable in polynomial time is: 

ptime l = {A C {0,1}* | .A is decided by some p G \JP tirne )} 


3. The class LINTIME of problems L- decidable in linear time is: 


LINTIME 


{A C {0,1}* | A is decided by some p G L 


lintime 


Lemma 18.1.3 L -< hntime m implies lintime l C lintime m , and L = hntirne m implies 

lintime l = lintime* 1 . 

Proof. Let A G lintime l . Then A is decided by some L-program p such that time^(d) < 
a • |d| for some a and all d. By Definition 16.3.1, L -A inUrne m implies there exists an 
M-program q such that [[pJ L = [[qJ M , and time^(d) < b • time^(d) for some b and all data d. 
Combining these two we get 

time^(d) < b • time £(d) < b- a - |d 

Consequently A G lintime m , so lintime l C lintime m . 

If L = hntirne m then L -< hntirne m and M -< lintirne a. By the reasoning above, this implies 
lintime l C lintime m and lintime m C lintime l and so that lintime l = lintimeT □ 
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18.2 Robustness of polynomial time 

Recall the several simulations and constructions from Chapter 8. We now do time anal¬ 
yses of some of them, and give another construction. Recall from Definition 16.3.1 that 
notation y hntirne -P9-^ d [ s used for linear-time simulation overhead with a program- 
independent constant factor a. 

18.2.1 Efficiently compiling TM to GOTO 

Theorem 18.2.1 TM ^ntime-pg-ind G0T0 

Proof. Let program p = Ii . . . I m be a Turing machine program using alphabet {0,1,B}. 
By the construction of Section 8.5, each Turing machine instruction is mapped into 
a nonlooping sequence of GOTO instructions. Let k be the length of the longest such 
instruction sequence. Thus the total GOTO program run time is at most k times slower 
than the Turing machine. Further, k is independent of program p, so we have a lintime- 
pg-ind simulation. □ 

18.2.2 Efficiently compiling GOTO to SRAM 

In Chapter 8 we showed how to compile a GOTO program to an equivalent CM program. 
That construction does not serve our needs, though, for several reasons. First, counter 
machine programs have too limited an instruction set for polynomial time to be mean¬ 
ingful. Second, the translation of Chapter 8 took no account of data sharing (as used 
in the DAG semantics), so the time to simulate X:=cons X X, for instance, would be 
unrealistically high, even if the first problem could somehow be overcome. 

Instead, we will show how to compile an GOTO-program p into an equivalent SRAM- 
program. The idea is simply to implement the DAG semantics of Section 17.1 on the 
SRAM model. 

Theorem 18.2.2 GOTO y}™time- Pg -ind SRAM 

Proof. In Section 17.2 we sketched a Pascal-like implementation of a GOTO program. The 
implementation assumed data to be stored in registers representing the tree structures 
of GOTO programs by means of graph structures: The SRAM memory represents a DAG, 
which in turn represents a memory state of the GOTO program being simulated. The 
simulation sketched in Section 17.2 preserves these representations after simulating any 
one GOTO instruction. 
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The running time of the Pascal-like program from the construction of Figure 17.4 
is clearly at most linearly slower (by a program-independent constant factor) than the 
GOTO program from which it was obtained. The construction can be refined to yield an 
equivalent SRAM program, as in Exercise 18.6. 

Given these representations, each GOTO operation is conceptually realized by a simple 
operation on the DAG, realizable by a nonlooping sequence of SRAM operations. Further, 
the running time of the SRAM program is shown in Exercise 18.6 to be slower than the 
GOTO program from which it was obtained by at most a program-independent linear 
factor. □ 

18.2.3 Compiling SRAM to TM 

Theorem 18.2.3 Under the unit-cost measure, SRAM -<P tirne TM 

Proof. Assume the construction of Section 8.4 is applied to an SRAM-program p = 
Ii;I 2 ;...Im, yielding a 5-tape TM-program q with Jp]] SRAM = [[qj™. We will argue that q’s 
running time is slower than p : s running time by at most a polynomial factor. 

Recall the SRAM instruction syntax. 

I ::= Xi := Xi + 1 | Xi := Xi - 1 | if Xi=0 goto £ else £' 

Xi := Xj | Xi := <Xj> | <Xi> := Xj 

For any input d of length n, p's initial store is cto = [0 i—> n, 1 0,2 0,... ,i i—>• 0,...]. 

Now suppose that program p, after executing t>n steps, has store 

o = [0 vq , 1 f—i > Vi ,..., k f—;► Vk ,...] 

We now analyze store u. Initially, the value of every cell Xi was 0 except for X0, which 
contained n. The only way cell i with nonzero address can receive a nonzero value is 
by a direct store Xi := . . . or an indirect store <Xi> := Xj. Since in one step an 
SRAM-program can at most increase the value a(i) of cell Xi by 1, after t steps none of 
the values Vi can exceed t' = t + n < 2t in value. Further we have <j{i) = 0 for all i > £', 
since no addresses i larger than t' can have been computed. 

This implies that in the Turing machine simulation the Address and Contents tapes 
can have length at most 0(tlogt) bits after simulating t steps. The same length bound 
applies to the accumulator and scratch tapes. One instruction of SRAM-program p is 
simulated on the Turing machine by at most five scans and copyings of the various 
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tapes. Thus the t -th computation step of SRAM-program pgtp is simulated by at most 
0(btlogt) < a-tlogt Turing machine steps, for a suitable constant a and all t. 

Now, a total time analysis: let u = time^ Rm (d). No step by p takes time more than 
time™( d) < a-ulogu to simulate by the Turing machine, and one simulation step requires 
at most a-ulogu time. 

Thus the entire iz-step simulation takes time at most a-u 2 logu Turing machine steps. 
This yields £zrae™(d) = 0(u 2 \ogu) where u= time ERAM (d). This is polynomially bounded, 
as required. □ 


18.2.4 The polynomial-time robustness theorem 

Theorem 18.2.4 ptime sram = ptime™ = ptime G0T0 = ptime while = ptime 1 


Proof. First, ptime G0T0 = ptime while = ptime 1 by Lemma 18.1.3 and Exercise 18.1. 
Second, by the constructions just given, 


-pjyj _^lintime—pg—ind QQpQ - Aintime—pg—ind 


SRAM - <p tirne TM 


Now in general L ■^ hntirne -P9-f’nd M or p -< h nume M i m pli es l -<P tinie m, and so in particular 
TM -<P time GOTO <P tirne SRAM <P ti7ne TM. Thus TM =P tirne GOTO =P tirne SRAM =P tirne TM. 
From this it is immediate that ptime sram = ptime™ = ptime G0TD . 


This theorem justifies writing only ptime, since the class of problems so defined s in¬ 
dependent of (any reasonable) computing model used to define it. Remark : using the 
logarithmic cost measure, the general RAM is polynomially equivalent to the models above; 
see Exercise 18.7. 


18.3 Linear time 

Some of the following results concern programs in the functional language F, leading 
to the need to define its time usage function time R (d). Informally, this is just another 
“unit-cost” measure, counting 1 for every operation, test or function call. 

18.3.1 Running times of F programs 

Consider program p = EO whererec f (X) = B. The following uses the F semantic func¬ 
tion £ : Expression —» Expression —»ID —>• Dj_ as defined in Figure 9.1. Given a value v 
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of the variable X in an expression E, the function T maps E and v into the time T[[E]]v G IN 
taken to evaluate E. Further, function V maps p and d into the time V [p]]d G IN taken 
to run p on d, i.e. < P[[p]]d= time F (d). 

Definition 18.3.1 The functions T : Expression —» Expression —> D —> IN± and V : 
F —program — » D —> INj_ are defined by: 


'PjEO whererec f (x) = Bjd 

T [[X] B v 

T [[d] B v 

T[[hd E]]Bv 

T[[tl E]]Bv 

T[[cons E Fpv 

T[[if E then El else E2pv 

T[[if E then El else E2pv 

T\f (E)]]Bv 


TpOpd 

1 

1 

l + T[[E]]Bv 

1+Tppv 

1+Tppv+Tppv 

l + T[E]]Bv + T[[El]|Bv, if ^[[EjBv^nil 

1 + T|[E]]Bv + T[[E2]]Bv, if £|E]]Bv = nil 

l + T[[E]]Bv + T[[Bp(5[[Ep) 

□ 


18.3.2 Linear-time equivalence of GOTO, WHILE, I, and F 

Lemma 18.3.2 There exist two programs intIF and intFI and constants c,d such that 
for any p G I— programs, q£ F— programs and all d G D: 

pntIF]f(p.d) = [[p]] 1 (d) and time F intIF ( p.d) < c- time p(d) 

[[intFl]] I (q.d) = [q]] F (d) and time\ nt¥1 { q.d) < d • time^( d) 

Proof. The result follows from an easy time analysis of the constructions in Propositions 
9.2.1 and 9.2.2. Program independence holds because I and F programs have only one 
variable. □ 

Theorem 18.3.3 GOTO = lintirne WHILE = lintime i =Hntime F? so 

LINTIME G0T0 = LINTIME WHILE = LINTIME 1 = LINTIME F 


By Exercise 18.1, L =p tirne m for any two of the languages just listed. 
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Proof. This follows partly from the compilations of Propositions 8.2.1 and 8.2.2. In each 
case, the translated program q runs slower than the original p by a constant factor. For 
example in going from WHILE to GOTO by Proposition 8.2.1, tzme G0T0 (d) < a • £zmep HILE (d) 
for some a and all d. 

The remainder follows from Lemma 18.3.2. 

□ 

Theorem 18.3.3 states a form of robustness within linear-time decidable problems: the 
class lintime l is stable for the cluster we have studied until now of programming lan¬ 
guages that L manipulate trees in ID. 

Robustness of the concept of lineartime 

The question “just which problems can be solved in linear time” has aroused some contro¬ 
versy and many differences of opinion, as it depends critically on the exact commputation 
model used (i.e. it is not as “robust” as the class ptime). One might hope that Theorem 
18.3.3 could be extended, for example to 

LINTIME™ = LINTIME G0T0 = LINTIME SRAM 

but this seems false: the class of problems solvable in linear time is nonrobust since it 
appears to be different for various models. In particular, the multitape Turing machine 
model is unnatural for linear time, and seems unable to solve as many problems in linear 
time as the SRAM. 


18.4 Linear time factors don’t matter for Turing 

machines 

The following material is included for historical interest, but is not central to our devel¬ 
opment. It should probably be skipped on first reading. 

In the classical Turing machine model (described in Section 7.6), one-step transitions 
are defined to cost one time unit each. The definition is unrealistic, as it ignores two 
important program-dependent parameters: the number of tapes /c, and the size of the tape 
alphabet E. The assumption that these can be chosen arbitrarily large is also questionable 
in view of Alan Turing’s analysis of computation, cf. Exercise 1.1. 
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In this section we show that not accounting for these factors 1 implies the well-known 
Turing machine constant speedup theorem. It in essence asserts that for any classical 
Turing machine running in super linear time, there is an equivalent one that runs faster 
by any desired constant factor. The central idea in the proof is to replace the tape 
alphabet £ by another alphabet £ m for a possibly large constant m. 

There is some controversy as to the interpretation of the speed-up theorem and its 
proof. Papadimitriou [138] claims that "advances in hardware make constants meaning¬ 
less,” since the proof shows that increasing the word size of the computer decreases the 
running-time by a constant-factor. Saying that a program runs in 2 • n 2 time does not 
make sense, because while this may be true of today's computer, the program may run in 
n 2 time on the computer of tomorrow. Instead, one should simply say that the program 
runs in 0(n 2 ) time, thus abstracting from the constant factor. 

This however, does not account for the fact that const ant-factors may make a differ¬ 
ence when considering programs that run on the same computer , i.e., when the word size 
is fixed. Indeed, claiming that every superlinear program’s running time can be cut in 
half clearly contradicts daily programming experience. Moreover, a sign of a mismatch of 
theory with practice is seen in its proof which, in practical terms, amounts to increasing 
the word size. Intuitively speaking, the speedup is obtained by a change of hardware 
— unrealistic from a programming perspective. In any case, the physical realizability of 
this trick is dubious. 

Further, it is not at all clear that the technique could be adapted to more familiar 
machine architectures, even if one assumed that hardware could be increased in size 
upon demand. The constant speedup theorem is in fact false for the I and F languages: 
Theorem 19.3.1 shows that increased constant factors give a provable increase in decision 
power for linear time bounds, and Theorem 19.5.3 does the same for a broad class of 
so-called constructible time bounds. A consequence is that the classical Turing machine 
computation model is provably different from I and F for problems solvable in linear and 
many other time bounds. One view of this is that I and F are more faithful models of 
computational practice than classical Turing machines. 

Before proving the main result it may be useful to review a simple example illustrating 
the essential idea in the speed-up theorem. 

Example 18.4.1 The following Turing machine M decides the set of even unary num¬ 
bers. 

1. £ = {0,1,B}; 


1 Together with the one-dimensional nature of the storage tapes. 
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2 . Q = {£<>,..., e 3 }; 

o; 

3; 




5. T = {(£ 0 , 



The machine first moves to the right of the initial blank and then reads past l’s. It is 
in state f\ whenever it has read an even number of l’s, and in state £2 whenever it has 
read an odd number of l’s. Therefore, if the blank following the input is arrived at in 
^ 1 , the input is even and the output hence is 1. The machine requires around |x| steps 
to compute its result, where x is the input, and \x\ its length. 

We will now consider an equivalent machine M' which, apart from an initial setup 
phase, runs in half the time. The idea is to use an alphabet which allows us to express 
two consecutive occurrences of 1 in a single symbol 11. This allows us to read past two 
l’s in a single transition, and therefore the new machine will run twice as fast. 

However, M' receives its input in the same form as M and must therefore first trans¬ 
form it into the compressed format. We will use an extra tape to carry the compressed 
form of the input. Here is M': 2 


1. £ = {0,1,B,11,1B}; 

2. Q = U 


3. L 


invt 


4- ffin 


4; 

4; 


5. T= {(4,(B,B,^),nop,4) ;< 

(4,(b,b,|),(b,b,H,4),(4,(b,b,|),(b,ib, < -),4), 

(4, nop, (11,11, <-), 4), (4, nop, (B, B, -»), 4 ), 

(4, nop, (11, B, -), 4), (4, (b,o,<-)> (IB, B,|), 4), (4, (b,i,H,(b,b,|), 4)} 

As usual the first transition just skips the initial blank. The next group of transitions 
move the input to the second tape in compressed form. If the input does not have even 
length, then it is necessary to pad an extra blank to the last 1, since we collect pairs 
of symbols into single symbols. The symbol IB is used for this. The third group of 
transitions move to the start of the compressed input on the second tape (alternatively 
we could have processed the input backwards). Finally, the last group of transitions 
process the compressed input. 


2 Remember that nop is short for (B,B, j). 




280 Robustness of Time-bounded Computation 


The last phase takes around |"|a;|/2] steps so we have roughly reduced the running¬ 
time by half. The price to be paid is that we need to compress the input and go back to 
the start, and this takes around \x\ + |"|a;|/2] steps. □ 

In this example, the total cost has been increased. However, this is just because M 
has linear running time. If M runs in super linear time then the added linear time to 
compress the input may be outweighed by the halfing of the superlinear running time, 
as the next theorem shows. 

Theorem 18.4.2 Let M be a classical Turing machine deciding a set L in time /. For 
any e > 0 there is a Turing machine deciding L in time g where g(n) = £ • /(n) + 2n + 4. 


Proof. We shall prove that if 


M — (Z,QAnitJfin,T) 


is a 1-tape Turing machine running in time / and e > 0, then there is a 2-tape machine 

M' = (Y/ ,Q' 


running in time A n.e- f(n) + 2n + 4. It is easy to modify the proof to show that if M is 
a k -tape machine, for k > 1, then M' also is a /c-tape machine. 

The essential idea of the proof is similar to that of the example above. Each symbol 
of M' encodes several symbols of M. As a consequence, several successive transitions in 
M can be encoded by a single transition of M '. 

More specifically, we shall encode m— \b/e\ symbols of M into a single symbol of 
M' (the choice of m will be clear at the end of the proof). Thus X' contains all m-tuples 
of symbols from M. Since M f must be able do deal with the input to M, X' must also 
include the alphabet of M. Hence: 


x' = xux m 


The transitions of M' are divided into three phases: a compression phase, a simulation 
phase, and a decompression phase. 

In the compression phase M' reads the input x from tape 1 and stores it in compressed 
form of length [|x|/m] on the auxiliary tape, erasing tape 1 at the same time. 3 Whenever 
m symbols o\ ,..., a m G X have been read from tape 1, the single symbol ,..., o m ) G X m 
is written to the auxiliary tape. This can be done by recalling in the state the symbols 
that are read. 

3 Note that in the general case where M is a /c-tape machine, k > 1, such an auxiliary tape is available 
already in M' which is also given k tapes. 
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More specifically, we include in M' states 

Q' =S°UE 1 U...US m - 1 

with the following meaning: 


state 

in 

has meaning 

0 


no symbols read from tape 1 yet 

O) 

S 1 

o read from tape 1 

Ol,CT2) 

• 

£ 2 

• 

o ~2 read from tape 1 

• 

• 

• 

((Tl, . • • , O'm— 1) 

• 

• 

Yr~ 1 

• 

• 

(Ti ,..., a m _i read from tape 1 


The transitions to do the compression appear in Figure 18.1, to which the following 
numbers refer. As long as less than m symbols have been read from tape 1, another 
symbol is read and recorded in the state (1). When m symbols have been read from tape 
1 , the compressed symbol is written to tape 2, and control returns to the initial state (2). 
If the whole input has been read, the compression phase ends (3). In case the input ends 
in the middle of an m- tuple, additional blanks are padded (4). When the compression 
phase ends, the read/write head on tape 2, moves to the beginning of the input (5). All 
this takes 2 + \x\ + |"|x|/m] steps. 

We are then ready to the simulation phase in which all operations take place on the 
second tape. In the simulation phase M' repeatedly simulates m transitions of M by 
at most 6 transitions. Such a simulation of m steps is called a stage. At every stage 
M' moves one square to the left, two to the right, and one to the left again. Recalling 
the scanned tuples in the state, M' now has sufficient information to predict the next 
m steps of M. These m steps can affect at most m successive squares, spanning over at 
most two consective m-tuples, and so M' can implement the next m transitions of M by 
at most two transitions. 

More specifically, at each stage, M' begins in a state (g,j), where q represents the 
state of M and j is the position of M’s read/write head within the m-tuple that M' 
currently scans. This requires the addition to Q': 

Q' = .. .UQ x {1,... ,m} 

At the very first stage, control must be passed from the compression phase to the simu¬ 
lation phase (6). M' now moves one square to the left (7), then two to the right (8-9), 
and one to the left again (10), recalling the scanned m-tuples in the state. This requires 
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Compression phase. For all (r) G E m ,cr^ G E: 

(2) ((cti, ...,(cr, B, >), ((<7i, ■..,cr m _i } cr),B, >), ()) 

(3) ((),(B,B,J.),(B,B,<-),4 os ) 

(4) ((o’!,,.. ,CT;), (B,B, J.), ((<Ti,.• • , 0 "j,B,. .. ,B),B, <— ),4os) 1 < l <m-l 

(5) (4 os ,nop,(T,T,<-),e eos ) 


Simulation phase I. For all (o'), (r), (p) £ S m U {B}, q £ Q,j £ {1,... ,m}: 

( 6 ) (£ 

eos i 

( 7 ) (( q,j),nop,(T,T,<-),(q,j,f )) 

(8) t) , nop, (o', o', -»), (g, j, o', f)) 

(9) ((?, j, o', f), nop, (f, f, ->), (g*, j, o', f)) 

(10) ((g*,j,o ! ,f),nop,(p,p,<-),(g,j,o',f,p)) 


Simulati 

where t = m, or t < m and g' = 

and 7T]_ — 7Ti,...,7r m , 7T2 7Tm+l 5 • • • 5 ^"2mi ^3 — ^"2m+l 5 • • • 5 ^3m • 


injphase II. For (<r,, v . ,,, 

(LtJTi • • . T"j — \ •) j •)'Tj ^ 



€ QJ G {1, - - - ,m} with 

7Ti . . • 7r/_i,7r/,7T/ + i . . . 7T3 m RJ J 


((9*,J,(o ! ,r,A)),nop,((o'),(7ri),|),(g , ,Z)) 
n2 3(9.i,(o ! .l ? ,p)),nop,((f),(7f2),-^),(g*,j, (a,T,p))) 

( ls A(q,j,(v,T,p)),nop,((T),(Tt2),<-),(q*,j, (a,T,p))) 

> ((q*,j,(v,T,p)),nop,((a),(n 3 ),^>),(q , ,l)) 

(u A(q,j,(v,T,p)),nop,((T),(TT 2 ),^),(q*,j,(a,T,p))) 
{(q*J,(v,T,p)),nop,((a),(n 3 ),<-),(q' ,1)) 

( 1 5){{q,j,{v,T,p)),nop,{{T),(ir 2 ),l),{<l'J)) 


if 1 < l — 1 < m 


if 2 m+ 1 < l 

— 1 < 3m 

if m + 1 < l 

— 1 < 2m 

and tti a 


if m + 1 < l 

— 1 < 2m 

and 7? 3 ^ p 


if m + 1 < l 

— 1 < 2m 

and 7?i = cr, 

7T3 = P 


Decompression phase. For all (cr) G E m U{B},j G {l,...,m}: 

( 16 ) ((tf in ,j),(B,a j+1 ,^-),(a,a,l),e oo ) 


Figure 18.1: Transitions in the sped-up machine. 
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the addition to Q': 


U Q x {1,..., m} x £ rn 
U Q x {1,... ,ra} x £ 2m 
U Qx{l,... ,ra} x E 3m 


After these move operations, M' is in a state 4 




representing the information that at this point M is in state q , tj is its scanned symbol, 
and to the left on the tape it has <r, t\ ,..., Tj_i, and to the right it has t 3 +\ ,..., r n , p. Now 
suppose that M has the following computation in m steps (all such ra-step computations 
can be computed from just the definition of M, without knowing the input). 5 


((b . . • Tj— i, Tj , Tj-j-1 . . • T m , pR)) , (L7 Ti . . - 7T/ — i, 7T^, 7TZ-j-1 • • • 7T3mfi)) 

Then M' simulates that in two steps, splitting into cases according to whether changes 
are made in < 7 , r, and p (11)-(15). If the computation happens in fewer than m steps, 
but ends similar transitions are made by M '. Thus the simulation phase comprises 
a total of at most 6[/(|x|)/m] +1 steps. 

The decompression phase begins, if M ever terminates, and simply consists in decom¬ 
pressing the output. 

More specifically, if M terminates, the initial configuration of M leads to 


(•^ fin 1 (LTL ’ ’ * 7~j — 1 ? T? ’ Tj-\-l ’ ' ‘ ) 

where r J+ i is either 1 or 0. Correspondingly, M' terminates in a configuration, 

((^/m,i), (L / ,a,R / ), (L,r,R)) 


Therefore, Tj is written on tape 1, and M' ends in its final state £00 (17). This adds just 
one to the running time. 

The total running time, then, of the simulation is 


(2 + x + 


x 


m l) + (6|"/(|x|)/m] + 1) + 1 < ef(\x\) + 4 + 2|x 


as requried. □ 

4 From now on it will be convenient to use the vector notation a = cr m . We shall bit a bit 

sloppy and write, e.g., B G instead of the more correct (B) G X m . 

5 Some of the <Ji,Tj,pl could be blanks; m-tuples of blanks are treated as a single blank. 
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The reader should not be surprised to see analogs of the preceding theorem with the 
term 2n + 4 replaced by some other term. The term is sensitive to small changes in the 
definition of Turing machines. For instance, some models only allow a machine to write 
a symbol or move one square, but not both, in a single step, and this makes a difference. 


Exercises 

18.1 Show that L = lintirne m implies PTIME L = PTIME m . □ 

18.2 Show that that the interpreter int of F by WHILE of Proposition 9.2.2 induces at 

most a program-independent constant slowdown: given any F-program p and input d, 
£zrae™ LE (p.d) < b ■ time^(d). □ 

18.3 Complete Lemma 18.3.2 part 1 by showing that the interpreter int of Exercise 

18.2 can be replaced by an I program. □ 

18.4 Show that the interpreter int of I by F of Proposition 9.2.2 induces at most constant 

slowdown: for any I program p and input d, £zme E nt (p.d) < b • time^(d). This finishes 
Lemma 18.3.2. □ 

18.5 Show how to simulate a Pascal-like program with several arrays, with no more than 

a constant overhead time per operation. RAM □ 

18.6 * The Pascal-like implementation of GOTO was not quite a SRAM program because 
it had several arrays, and records as well. Prove that this is equivalent to an SRAM 
program running at most linearly more slowly. Consequence: any GOTO program p can 
be implemented by a SRAM program q which runs in time linear in p's running time. 

Does the constant coefficient depend on program p? □ 

18.7 Argue informally that the SRAM TM under the logarithmic time cost measure 

for SRAM computations. Show that this implies PTIME = PTIME sram . □ 

18.8 Why can the proof method of Theorem 18.4.2 not be applied to WHILE or GOTO? □ 
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19 Linear and Other Time Hierarchies for 
WHILE Programs 


An interesting question is: for a given programing language L, does a < b imply 1 

TIME L (a-n)§ TlME L (6-n) 

In other words: can L-programs solve more problems if one gives them a larger “running¬ 
time allowance” ? In this chapter we answer positively, by proving that increasing the 
time available by a sufficient amount does indeed increase the class of solvable problems, 
even within linear time bounds. 

The first result concerns the small subset of the WHILE language called I, in which 
programs are limited to one variable. We prove that constant time factors do matter for 
both I and F (the functional language of Section 9.1), for linear time bounds. This result, 
in agreement with daily experience, is in contrast to the situation for Turing machines 
as seen by Theorem 18.4.2. 

A key to the proof is the existence of an “efficient” self-interpreter for I. This is 
used in a time-bounded version of the diagonalization argument used earlier to show the 
existence of uncomputable functions. 

This is first shown for I, then the results are extended to the functional language F, 
and then to superlinear time bounds: proper increases can occur when one time bound 
function dominates another in the limit. Finally, some limits to the construction of 
hierarchies are referenced; proofs of those results will appear in a later chapter. 

For I, we show specifically that there is a constant b such that for any a > 1 there is 
a decision problem A which cannot be solved by any program that runs in time bounded 
by a-n. This fact is true regardless of how clever one is at programming, or at problem 
analysis, or both. 

On the other hand, there is a constant b such that problem A can be solved by some 
I-program in time a-b-n on all inputs of size n. In other words, provision of sufficiently 
more time provably gives a greater problem-solving ability, even within lintime. 

Essentially the same construction has been carried out in detail on the computer by 
Hesselund and Dahl. By carefully examining the constant factors in their construction, 
they establish in [31] that time 1 (201 • a • n + 48) properly includes TlME I (a-n), so the 
result holds for the value b = 201 + 48 = 249. 

^■Here n is the length of a program’s input. 
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19.1 An efficient universal program for I 

Running times of I programs are defined just as in Section 16.4.3 (reasonable, since I is 
a subset of WHILE). We show that the universal program for I developed in Section 4.1.1 
is “efficient,” a term we use with a definite technical meaning: 

An “efficient” interpreter is one whose use costs at most a program-independent linear 
overhead , as in Section 16.3.2. Note that constant a below is quantified before p, so the 
overhead caused by an efficient interpreter is independent of the programs it interpret. 

Definition 19.1.1 An S-interpreter int written in L is efficient if there is a constant a 
such that for all p G S— programs and d G S —data: 

£zmel; nt (p.d) < a - time^(d) 

Constructing an efficient interpreter 

Recall the interpreter ulvar for one-variable WHILE programs constructed in Section 
4.1.1. It had form: 

read PD; 

P := hd PD; 

C := hd (tl P) 

Cd := cons C nil; 

St := nil; 

VI := tl PD; 
while Cd do STEP; 
write VI; 

where STEP is the large rewrite command of Figure 4.1. This program ulvar is easily 
seen to be efficient in the sense above: 

Proposition 19.1.2 There exists a such that for all p and d 
£zrae™ar(P- d ) < a ■ time p HILE (d) 

Proof. Note that the entire STEP command of Figure 4.1 is a fixed piece of noniterative 
code. For any one operation of p, STEP finds the appropriate rule(s) to apply, by matching 
the top of the control stack Cd and, in some cases, the top of the computation stack St. 
For any one p operation it only takes a constant amount of time (independent of p and 
d) to find the appropriate rewrite rule(s) and to realize its effect (their effects). 


(* Input (p.d) *) 
(* P = ((var 1) c (var 1)) *) 
(* C = c program code is c *) 
(* Cd = (c.nil), Code to execute is c *) 
(* St = nil. Stack empty *) 


(* VI = d Initial value of var.*) 

(* do while there is code to execute *) 
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Any single step of the interpreted program is realized by applying at most two it¬ 
erations of STEP. For example, the decision of whether while E do C should perform C 
the first time takes one step in p (in addition to the time to evaluate E). The interpreter 
realizes the action of while E do C by applying STEP twice: one to set up the code stack 
before evaluating the expression E; and once after E’s evaluation, to check E’s value to 
see whether to enter command C or to escape from the while loop. 

This implies that there exists a uniform and program-independent upper bound on 
the interpretation/execution time ratio for all computations. 

Variable access in the simulated program p is simulated by actions in ulvar. Since p 
has at most one variable, their execution times are independent of p. They are dependent 
on the interpreter ulvar, but are independent of program p. 

However it is not clear that a program-independent upper bound can exist if p is 
allowed to be an arbitrary multiple-variable WHILE program. The problem is that if the 
interpreted program has multiple variables, the actions to simulate variable access and 
storage will take time depending on the number of variables in p. □ 

Remark : ulvar satisfies another natural inequality, in the opposite direction: there exists 
a constant b such that for each one-variable program p and input d: 

£zraeWHILE(d) < fr. time^^^. (p.d) 

Such a bound is quite natural, because every single step of the interpreted program p is 
simulated by several actions (always more than one) of ulvar. 

Although natural, such a constant b does not exist for all universal programs, since 
there exist infinite classes of programs that can be simulated faster than they run. One 
way this can be done is by remembering whether a certain subcomputation has been 
performed before and, if so, fetching its result from memory rather than repeating the 
computation. An example os this is Cook's construction involving stack programs [30, 6]. 


An efficient self-interpreter for I 

Program ulvar is not, however, a self-interpreter, since it itself uses more than one 
variable (such as Cd and St). However it can be translated into one, as in Section 3.7.1. 

Theorem 19.1.3 The self-interpreter i of Theorem 4.2.1 is efficient. 
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Proof. A correctness proof resembles that of Exercise 4.1. Each operation of the inter¬ 
preted program is realized by a program-independent number of the interpreter’s opera¬ 
tions. □ 


19.2 An efficient timed universal program for I 

Definition 19.2.1 An I-program tu is a timed universal program if for all p G I- 
programs , d G ID and n > 1: 

1. If time p ( d) < n then Jtu]](p . d . nil n ) = (Up]](d) .nil), and 

2. If time p { d) > n then Jtu]](p . d . nil n ) = nil. 

The effect of [tu]](p.d.nil n ) is to simulate p for min(nTzme p (d)) steps. If time^i^d) < n, 
i.e. p terminates within n steps, then tu produces a non-nil value containing p’s result. 
If not, the value nil is yielded, indicating “time limit exceeded.” 

Similar to the terminology for interpreters, we say: 

Definition 19.2.2 A timed universal I-program tu is efficient if there is a constant k 
such that for all p, d G ID and n > 1: 

£zme t u((p-d).nil n ) < k • min(n,£zrae p (d)) 

We will now construct an efficient timed universal program tu for I. 

Construction 19.2.3 Recall the universal program i for I in Section 19.1. It was built 
by translating the WHILE program ulvar (plus its STEP command) into I. 

The idea in constructing tu is to start with ulvar, to add an extra input: a time 
limit of the form nil n stored in a variable Cntr, and some extra “clocking” code. Every 
time the simulation of one operation of program input p on data input d is completed, 
the “clocking” code will decrement Cntr and test it, stopping when it reaches zero. Call 
the resulting program tt. 

Details: program tt is seen in Figure 19.1, which uses a shorthand notation for the 
membership test. This is easily turned into actual I commands. Finally, let tu be the 
result of translating tt from WHILE to one-variable I code as in Proposition 3.7.4. 

Lemma 19.2.4 tu is an efficient timed universal I-program. 
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read X; (* X = ((p.d).nil n ) *) 

Cd := cons (hd (hd X)) nil; (* Code to be executed *) 

VI := tl (hd X); (* Initial value of simulated X *) 

Cntr := tl X; (* Time bound *) 

St := nil; (* Computation stack *) 

while Cd do 
if Cntr 

then { if hd (hd Cd) G { quote , var , do Jid , do jtl , 

do.cons , do_asgn , do_while } 

then Cntr := tl Cntr; 

STEP; X := cons VI nil;} 
else { Cd := nil; X := nil}; 
write X 

Figure 19.1: An efficient timed universal program tt. 

Proof. To prove tu efficient, we must find a k such that for all p G I— programs, d G ID, 
and n we have both of: 

time tn ((p. d) .nil 71 ) < k-time ? (d) 

time tn ((p. d) .nil 71 ) < k-n 

The first inequality holds by reasoning similar to that of Proposition 19.1.2. The second 
is immediate from the form of tu, since Cntr decreases with each iteration. If Aq,/c 2 
respectively satisfy the first and second, then max(fci,& 2 ) satisfies both. □ 

19.3 A linear-time hierarchy for I: constant time 

factors do matter 

Theorem 19.3.1 There is a b such that for all a > 1, there is a set A in TIME 1 (a• b-n) 
that is not in TIME 1 (a • n). 

Proof. Let program diag be as in Figure 19.2. Claim: the set 

A = (d | [[diagJ L (d) = true} 

is in TlME I (a-6-n) for an appropriate b (and all n), but is not in TlME x (a• n). Further, 
b will be seen to be independent of a and n. 
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read X; 

Timebound := nil“'l X l; 

Arg := cons (cons X X) Timebound; 

X := tu Arg; (* Run X on X for up to a- |X| steps *) 

if hd X then X := false (* or until Timebound is reduced to zero *) 

else X := true; 

write X 

Figure 19.2: Diagonalization program diag. 

We now analyze the running time of program diag on input p. Since a is fixed, 
nil a ‘ ^ can be computed in time c-a- |d| for some c and all d. We implicitly assume that 

command “Timebound := nil a ‘ ^ ” has been replaced by code to do this computation. 

From Lemma 19.2.4 there exists k such that the timed universal program tu of Figure 
19.1 runs in time £zrae tu ((p-p) .nil 72 ) < k ■ min(n, £zme p (p)). Thus the command “X : = 
tu Arg” takes time at most 

k • min(a ■ |p|, time v { p)) < k ■ a • |p| 

so on input p, program diag runs in time at most 

c- a • |p| + k • a • |p| + e 

where c is the constant factor used to compute a - |X|, k is from the timed universal 
program, and e accounts for the time beyond computing Timebound and running tu. 
Now |p| > 1 so 

c • a • \p\ + k • a • \p\ + e < a - (c + k + e) • \p 

which implies that A G TIME 1 ( a-b-n ) with b = c + k + e. 

We prove that A ^ TIME 1 (a • n) by a diagonal argument. Suppose for the sake of 
contradiction that A G time 1 (a • n). Then there exists a program p which decides mem¬ 
bership in A and satisfies time p (d) < a - |d| for all d G ID. Now consider the effect of 
running p on itself as input, i.e., computing [[pH(p)- The fact that tzme p (p) < a - |p| im¬ 
plies that tu in Figure 19.2 has sufficient time to simulate p to completion on input p. 
By Definition 19.2.2, this implies 

[tu]]((p.p) ,ni ia 'lp|) = (UpKp)- nil) 
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If [[p]](p) is false, then [[diag]](p) = true by construction of diag. If [[p]](p) is true, 
then [[diagj(p) = false. Both cases contradict the assumption that p and diag both 
decide membership in A. The only unjustified assumption was that A G time 1 (a -n), so 
this must be false. □ 


Two open problems. 

1. Theorem 19.3.1 holds for the value b= 201 + 48 = 249. Can b be reduced still 
farther, perhaps even to 1 + e for any e > 0? 

2. Does Theorem 19.3.1 hold for languages WHILE or GOTO? 

The theorem’s proof technique can be extended to the SRAM, although somewhat more 
complex programming is involved. 

Theorem 19.3.2 For either the unit-cost or the logarithmic cost measure, there is a 
constant b such that for all a > 1, there is a decision problem A in TlME SRAM (a -b-n) that 
is not in TIME SRAM (a-n). 

Proof. Exercises 19.3 and 19.4. 

19.4 A linear-time hierarchy for F 

Theorem 19.4.1 The result of Theorem 19.3.1 holds for the one-variable, one-atom 
functional language F. 

Proof. By Theorem 19.3.1 time 1 (a-n) (y TIME 1 (afr-n) for all a. Using this and constants 
c, d from Lemma 18.3.2 we obtain a chain of inequalities: 

TlME F (a-n) C TIME 1 [ad • n) ^ TIME 1 (abd-n) C time f (abed■ n) 

so the result holds with bed in place of the b of Theorem 19.3.1. □ 

19.5 Hierarchy results for superlinear times 

We showed earlier for languages I and F that within linear time bounds, increased time 
gives provably greater decision power. The proof technique involved diagonalization. In 
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this section we carry the theme further, showing analogous results for other computation 
models, and for other time bounds. In particular we will look at asymptotic complexity , 
showing that when one functional time bound grows faster than another in the limit, 
there are problems solvable in the larger time bound but not in the smaller. 

First, a slight generalization of the construction seen earlier. 

Construction 19.5.1 Given an I-program b, consider the program diag-b of Figure 
19.3, where tu is the timed universal program of Lemma 19.2.4: 

read X; 

Timebound := b X; (* Insert body of b here *) 

Arg := cons (cons X X) Timebound; 

X := tu Arg; (* run X on input X until it stops, *) 

if hd X (* or until Timebound is reduced to nil *) 

then X := false else X := true; 
write X 

Figure 19.3: Diagonalization program diag-b. 

Behavior: Suppose [[b]] (d) always yields values of the form nil 771 (as it always will in 
our applications). Then for any input p G ID with |b]](p) = nil rn : 

{ true if time p { p) > m 

false if time p ( p) < m and Up]](p) ^ false 
true if time p { p) < m and Up]](p) = false 

Time analysis: Let k be the interpretation and counting overhead incurred by the 
timed universal program tu, and e the time to perform the final test above. Then for 
any p G ID 

£zrae diag _ b (p) < time b (p) + k • min( | [bj (p) | + e, time p (p) ) 

< time b ( p) + k • | JbJ (p) | + e 

Time-costructible functions 

Motivation: For a time bound function f(n) to be useful, it must be possible when given 
an input of size n to find out how much time f(n) is available by a computation not 
taking more than the order of f(n) steps. 
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Definition 19.5.2 Function / : IN —»IN is time constructible if there is a program b 
and a c > 0 such that for all n > 0 

JbJ(nil n ) = nil^ n ) and time h ( nil n ) < c- /(n) 

Many familiar monotone functions are time-constructible, e.g. all linear functions, all 
polynomials, and / + #,/* <7,/^ whenever f,g are time-constructible (Exercisel9.8). 

A more liberal definition is to let [[b]](nil n ) be the binary representation of f{n). All 
the following works with this broader formulation; only small changes are necessary. 

Theorem 19.5.3 Suppose / is time-constructible and f(x) ^ 0 for all x. Then there 
exists b > 0 such that time i (5/)\time i (/) ^ 0. 

Proof. Suppose b and c are as in the definition of time-constructible, and let program 
diag-b be as in Construction 19.5.1. Then 

£zrae diag _ b (p) < c-/(|p|) + fc-/(|p|) + e < (c + fc + e) -/(|p|) 

so the set A decided by diag-b lies in time((c + k + e) •/). 

Now suppose A E TIME (/). Then [[diag-bj = [[p]] for some program p satisfying 
time v { d) < /(|d|) for all d E ID. Looking at diag-b‘s behaviour on input p, we see that 
Timebound is set to nil-^ CpD , so the timed universal program tu has enough time to 
simulate p on p to completion. Consequently 


W(p) = [diag-b]] (p) = 


false 

true 


if IpKp) ^ false 
if IpKp) = false 


This is a contradiction, which suffices to prove the theorem. 



Some traditional theorems 

The following theorem generalizes Theorem 19.5.3, since the upper and lower time bounds 
f,g may be two quite different functions. 

Theorem 19.5.4 Suppose functions f,g are time constructible, f(n) > n,g(n) > n for 
all n, and lim n ^ 00< g(n)//(n) = 0. Then time i (/)\time i (^) ^ 0. 


Proof. This is very similar to the proof of Theorem 19.5.3, but needs the “padding 
lemma” 14.4.4. □ 
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Corollary 19.5.5 For any e > 0 and k > 0, time 1 (An. n fc+£ )\TlME I (An. n k ) ^ 0. 

The following can be proven directly by diagonal constructions similar to that of Theorem 
19.5.3, though more complex since self-interpreters are less easy to write for languages 
TM or RAM than for GOTO. Alternatively, somewhat weaker versions may be proven using 
Theorem 19.5.4. 

Theorem 19.5.6 Suppose functions f,g are time constructible, f(n) > n,g(ri) > n for 
all n, and lim n _>oo f(n)/(g(n) logg(n)) = oo. Then TIME™(/)\TIME™(#) ^ 0. 

Theorem 19.5.7 Suppose functions f,g are time constructible, f(n) > n,g(n) > n for 
all n, and lim n _>oo f(n)/g(n) = oo. Then time sram (/)\time sram (^) ^ 0. 


Exercises 

19.1 Why can the proof method of Theorem 19.3.1 not be applied to WHILE or GOTO? □ 

19.2 Prove that there are problems solvable by WHILE programs in time r? but not in 

time n 2 . Hint: use the result of Theorem 19.5.4 together with a cost bound on the 
simulation of WHILE programs by I programs. □ 

19.3 Sketch the construction of a universal program for SRAM programs. This can store 

the program to be interpreted in odd memory locations, and can represent program 
memory cell loc in the interpreter’s memory cell 2 • loc. Discuss its running time in 
relation to that of the interpreted program, under the unit-cost asumption. □ 

19.4 For the interpreter of the previous exercise, consider a logarithmic cost which also 
accounts for the cost of instruction access. Thus all times are as in the table given before 
for SRAM instruction times, but with factor log l added to execute instruction in location 

L 

Show that under this cost, the total interpretation time will be bounded by a program- 
independent constant times the interpreted program’s running time. □ 

19.5 Prove the unit-cost version of Theorem 19.3.2 from Exercise 19.3: that linear time 

SRAM-decidable sets possess an infinite hierarchy ordered by constant coefficients, as in 
Theorem 19.3.1. □ 

19.6 Prove the logarithmic cost version of Theorem 19.3.2 from Exercise 19.4. □ 
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19.7 Prove that the following functions are time constructive: 

1 . f(n) = an+ 6, for non-negative integer constants a and b. 

2 . f + g, assuming that f,g are time constructible. 

3. f*g , assuming that f,g are time constructible. 

4. f 9 , assuming that f,g are time constructible. □ 

19.8 We say that a numeric function / : IN —> TV is WHILE-computable if there is a WHILE 
program that computes nil-^ n ) given nil n . Prove, that if / is WHILE-computable then 
there is a function h such that h(n) > f(n) for all n, and h is time constructible. □ 
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20 The Existence of Optimal Algorithms 

(by A. M. Ben-Amram) 


The previous chapter’s hierarchy theorems (19.3.1, 19.4.1, 19.5.3) show that there ex¬ 
ist programs whose running time cannot be improved beyond a constant multiplicative 
factor. We call such programs optimal 1 . 

These theorems construct, from a given time bound T(n), a problem which is solvable 
by an optimal program with running time cT(n) for some c and all n. In practice, 
however, we are typically given a problem that we wish to solve by computer, rather than 
a time bound. We attempt to write a program that will solve it as fast as possible. But 
how fast can a given problem be solved? 

The branches of Computer Science that deal with such questions are the design of 
efficient algorithms and, on the negative side, lower-bound theory. (This book deals 
mainly with the hierarchy and completeness results underlying lower-bound theory.) In 
this chapter we consider what may be the most essential question to begin with: given 
a problem, does there necessarily exist a “fastest” algorithm to solve it? In other words, 
is the goal of algorithm design always well defined? 

One of the major results in complexity theory, Blum’s Speedup theorem, shows that 
there exist problems for which this goal cannot be achieved. For every algorithm to solve 
such a problem, there is another one that is significantly faster. These problems are, 
however, artificially constructed to prove the theorem. It is therefore edifying to discover 
that for an important class of problems that occur in practice an optimal algorithm 
does exist: one whose time cannot be improved by more than a constant multiplicative 
factor. This result is known as Levin’s theorem. In this chapter we formulate and 
prove, first Levin’s theorem, and then Blum’s theorem. We conclude with a theorem 
of a somewhat different flavour, known as the Gap theorem. This theorem shows that 
the results of the hierarchy theorems depend on the time bound T being a “nice” (that 
is, time constructible) function: there exist functions t such that no program can be 
designed to have running time inside some large zone lying just above t. 


Remarks: Levin’s theorem exploits the existence of an efficient interpreter. All of 
these theorems can be proven in a general form that applies not only to running time 

1 Actually, “optimal up to a constant factor” would be a more precise description. 
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but to other reasonable computing resources, e.g. space. We do not go into details of 
this generalization here. 

20.1 Levin’s Theorem 

For R C D x ID the first projection of R is the set 
tti R ={xGD | (Ely G ID) (x,y) G R} 

Definition 20.1.1 Let i^CDxDbea semi-decidable predicate. A function / : ID —» 1D± 
is called a witness function for R if x G ti\R implies (x,/(x)) G R. 

For example, let SAT be the set of satisfiable propositional formulae; recall from Section 
A. 1.1 that eval#R evaluates formula T for truth assignment 6. Let Rsat = {(F,0) | T G 
SAT,eval6tE = true}. Then a witness function for -Rsat would be any function / that 
produces a satisfying assignment for a formula that has one, and produces any answer 
whatsoever (or loops) for an unsatisfiable one. 

The reason that such an / is called a witness function is that problems like SAT are 
often considered as decision problems; for instance, in Chapter 27 we will consider the 
problem of deciding membership in SAT. In this situation, the role of / is to witness 
that a formula is satisfiable. In practice, however, computing / will often be our actual 
goal, since we would not be content just with knowing that a solution (e.g. a satisfying 
assignment, a clique in the graph, etc.) exists. 

Remark: if [r]](d) = T we define time r (d) = oo. 

Theorem 20.1.2 Levin’s Theorem. 

Let R C ID x ID be a semi-decidable binary predicate, so R = dom([[r]]) for some 
program r. Then there is a WHILE program opt such that [[opt]] is a witness function 
for R, and for every program q that computes a witness function / for R, we have 

time opt (x) < a q (time q (x) + time T (x.f(x))) 

for all x, where a q is a constant that depends on q but not on x. Further, the program 
opt can be effectively obtained from r. □ 

Proof will be given later, after discussion of motivations and consequences. 

A brute-force search program for finding a witness immediately comes to mind. Given 
xGDwe just enumerate elements y G D, checking one after the other until a witness pair 
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(x,y) G R has been found 2 . It is quite obvious that this strategy can yield an extremely 
inefficient program, since it may waste a lot of time on wrong candidates until it finds a 
witness. Levin’s theorem states a surprising fact: for many interesting problems there is 
another brute-force search strategy that not only is efficient, but optimal up to constant 
factors. The difference is that Levin’s strategy generates and tests not solutions , but 
programs. 


Problems with easy witness checking. A common situation with many problems is 
that verifying membership of a pair (x,y) in R (checking a witness) is relatively straight¬ 
forward, not withstanding that producing a witness might be difficult. For example, 
verifying membership in Rsat amounts to evaluating this can be done in linear 

time. On the other hand, finding a witness for T is at least as hard as just deciding 
whether the witness exists, a problem complete for nptime. 

This situation holds for a great many problems. For example it has been open for 
many years whether SAT has any solution algorithm at all that runs in sub exponential 
time. The beauty of Levin’s theorem is that, even though no-one knows how fast (say) 
satisfiability can be decided, the construction nonethelss gives an algorithm for it that is 
asymptotically optimal (up to constant factors). 

For Levin’s theorem to be of interest, it suffices that we be able to check witnesses 
efficiently enough so that having the complexity of checking as a lower bound for witness¬ 
searching is acceptable. However, in many cases, it can actually be proved that searching 
for a witness cannot be done asymptotically faster than checking; for instance, this is 
obvious when checking takes linear time (as in the SAT example). 

This is a quite general phenomenon, which led to formulation of the class nptime, 
also called NP (to be discussed at length in Chapters 25 and 27). By definition, all 
problems in nptime can be soved by “guess-and-verify” algorithms, where both guessing 
and verification can be done in polynomial time. The only cause of superpolynomial time 
is that the number of possible guesses is typically exponential in the problem input size, 
and thus too large to enumerate. 

A more sophisticated result that is relevant: by the version we saw of Kleene’s Normal 
Form (Theorem 13.4.3), for any program p there is a predicate R , decidable in linear time, 
such that _R(x,y) is true if and only if y is the computation of p on input x. In this case, 

2 If R is decidable, this is straightforward by testing (x,y) E R for all finite binary trees y, using a loop 
as in Lemma 5.7.1 to enumerate them. If R is semi-decidable but not decidable, then one could use a 
“dovetailing” of computations as in Theorem 5.5.1 to test (x,do) E R?, (x,di) G i??, ... in parallel. 
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finding a witness for x is exactly equivalent to running p on x, and so can have arbitrarily 
high complexity. 

Ease of witness checking is captured in the following definition. (Section A.3.11 
explains the o( ) notation.) 

Definition 20.1.3 We call a semi-decidable binary predicate R easy to check if there is 
a program r such that R = dom([[r]]), and no witness function / can be computed (on 
input x) in o(time T (x.f(x))). □ 

Suppose R is easy to check, and that program r satisfies Definition 20.1.3. Then program 
opt of Theorem 20.1.2 is asymptotically fastest (that is, up to a constant factor) among 
all programs that compute witnesses for R. 

Proof of Levin’s theorem. 

Proof. We make a simple, non-restrictive assumption on the program r: when run with 
input (x.y), if (x,y) G R it gives y as output. Otherwise, it loops forever. 

Recall that the concrete syntax for I programs uses only the atom nil. Enumerate 
ID = {do,di,...} as in Lemma 5.7.1 by programs start and next. We build program opt 
from these parts (a concrete program will be given shortly): 

1. A “main loop” to generate all finite trees. At each iteration one new tree is added 
to list L = (d n ... dido). Tree d n for n — 0,1,2,... will be treated as the command 
part of the n-th I program p n . 

2. Iteration n will process programs p^ for k = n, n — 1,..., 1,0 as follows: 

(a) Run pfc on input x for a “time budget” of at most bk(n) = 2 n ~ k steps. 

(b) If pk stops on x with output y, then run r on input (x.y), so p^ and r together 
have been executed for at most 6*.(n) steps. 

(c) If pk or r failed to stop, then replace k by k— 1, double the time budget to 
bk-i(ri) = 2 n ~ k+1 steps, and reiterate. 

3. If running p& followed by r terminates within time budget bk(n), then output 
[[optj|(x) = y and stop; else continue with iteration n+ 1. 

Thus the programs are being interpreted concurrently, every one receiving some “inter¬ 
pretation effort.” We stop once any one of these programs has both solved our problem 
and been checked , within its given time bounds. Note that opt will loop in case no witness 
is found. 
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The keys to “optimality” of opt are the efficiency of STEP, plus a policy of allocating 
time to the concurrent simulations so that the total time will not exceed, by more than a 
constant factor, the time of the program that finishes first. The following table showing 
the time budgets of the various runs may aid the reader in following the flow of the 
construction and correctness argument. 


Time budget 

Po 

Pi 

P2 

P3 

P4 

P5 ••• 

n - 

= 0 

1 

— 

— 

— 

— 

— 

n - 

= 1 

2 

1 

— 

— 

— 

— 

n - 

= 2 

4 

2 

1 

— 

— 

— 

n - 

= 3 

8 

4 

2 

1 

— 

— 

n - 

= 4 

16 

8 

4 

2 

1 

— 

n - 

= 5 

32 

16 

8 

4 

2 

1 ... 

n - 

• • 

= 6 

• 

64 

• • • 

32 

16 

8 

4 

2 ... 


We first argue that the abstract algorithm just given is correct, then give it in concrete 
program form, and finally analyze its time usage. 


Correctness of the algorithm. Proving correctness of opt has two parts: showing 
that opt produces only witnesses, and that it produces a witness for every x G n\R. First, 
if [[optj(x) = y then [[rj(x.y) terminates, so (x,y) G R. Thus every output of opt is a 
witness for its input. 

Second, suppose x G niR. Claim: there is a pair (n,k) with k < n such that 


1 . 

2 . 


time Vk (x) <2 n k ; and 

time Pk (x) + time T (x.y) < 2 n ~ k where y 


[pfelW- 


Proof of claim: since x G ttiR there exists a pair (x,y) G R. For this y, clearly [[rj(x.y) 
terminates. Choose any program p*. such that y = [[pfc]](x), and choose a value n large 
enough so that 1 and 2 hold. 

The computation of [[optj(x) stops at iteration n or before. This implies [[opt]](x) = 
Jr]](x.y) = y and (x,y) G R, so opt has a witness as output for every input x G ti\R. 
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read X; start; (* Start enumeration of the d J s *) 

Go := true; (* Set up main loop (1) *) 

while Go do (* Iterate until (if) witness found *) 

{ 

LI := L; (* Copy list L = (d n ... di do) *) 

T := (nil); (* Budget: time t = 2 < ' n ~ k ' ) = 1 for k=n *) 

while LI do (* Loop (2): set up to run p^ on x *) 

{ 

Cd := hd LI; St := nil; VI := X; 

T1 := T; (* Copy time bound t *) 

while T1 do (* 2(a): Run p*. on x for t steps *) 

{STEP; T1 := tl T1;} 


if Cd = nil (* 2(b): If p& stopped on x in <= t steps *) 

then (* Prepare to run r on (x.y) *) 

{Y := VI; (* Save y := final variable value *) 

Cd := r; St := nil; VI := cons X Y;} 

while Tl and Cd do (* Run r on (x.y) *) 

{STEP; Tl := tl Tl;} (* for remaining steps *) 

if Cd = nil (* If r stopped on x in time left *) 

then {LI := nil; Go := false;} (* then stop! *) 


if Go then (* (2c): If p& or r failed to stop *) 

{LI := tl Ll;(* k := k -1 *) 

Tl := T; (* Double time budget t := 2^ n ~ k ^ *) 

while Tl do 

{Tl := tl Tl; T := cons nil T;} 

} (* End of if Go *) 

next; LI := cons New LI; 

} (* End of 2(a-b-c) *) 


} (* End of loop (1); try n := n +1 *) 

write Y 

Figure 20.1: Program opt. 


A program for opt. Let STEP be the WHILE macro used in Lemma ?? to execute an 
arbitrary I program. This uses variables Cd, St and VI to contain the control stack, 
computation stack, and current value of the (unique) variable, respectively. By the proof 
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of Proposition 4.1.1, any single step of the interpreted program is simulated by at most 
two applications of STEP. 

Program opt is built from STEP and start, next of Lemma 5.7.1, and can be seen in 
Figure 20.1. The list of all elements of D considered to date is maintained in variable L, 
with a local copy LI. The time budget is maintained in variable T, with a local copy Tl. 

The main loop of the program is (1). During its n-th iteration, the inner loop (2) 
first applies STEP to simulate each program on LI on input x for 2 n ~ k steps. 

Program opt stops once one of the programs yields an output y (loop (2a)), provided 
that value has been verified using r without overrunning the time budget (loop (2c)). 
Faithfulness to the informal algorithm above should be clear. 

Time analysis of opt. The following are easy to establish for n > 0. The phrase 
“simulation of p*.” includes running both p^ and subsequently r (Steps 2(a) and 2(b) 
above). 

(1) The time for each iteration of the main loop, outside the code to simulate p^ by 
STEP or to double £, is bounded by c^n where Co is a constant and n is the iteration 
number (cf. Exercises 5.11, 5.12). 

(2) In iteration n, STEP is applied to n + 1 programs: p n , • • • ,Pi,Po- 

(3) In iteration n, program p& is simulated for a number of interpretation steps, no 
larger than 2 n ~ k . 

(4) The total time to maintain time counter t is of the order of 1 + 2 + ... + 2 n ~ k = 
2 n—fe+i_ 1? thus 0 ( 2 n ). 

(5) The total time for iteration n is bounded by the sum of the times for the p&: 

n 

Co n + Yi c\2 n ~ k + c 2 2 n < c 3 2 n 

k =0 

for constants Co, •.. , C 3 and all n. 

( 6 ) The total time up to and including iteration n is bounded by C 32 n+1 . 

Another important fact has already been demonstrated in Section 19.2 on “timed in¬ 
terpreters”: if program q, followed by program r, terminates within time £, then 2 1 
invocations of STEP are enough to bring the interpretation to completion. 

Now let x be the input to opt, and suppose that a program q computes a witness y 
for x. Thus, running q followed by r will yield the output y in time 


£ q:r (x) = time q (x) + time r (x. y) 
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Sure enough, q appears somewhere in the enumeration of all I programs; say q= p&. 
Choose n so that 

2 n ~ k < 2t q;r ( 

If program opt reaches iteration n and simulates q = on x, it will have enough time 
to simulate both q and r to completion. The effect is that opt will yield its result within 
time 


x) < 2 


n +1 —ac 


time 0 pt (x) < c 3 2 n+1 < c 3 2 k+1 2 n ~ k < c 3 2 k+ \, r (x) 

The other possibility is that program opt has already stopped earlier and so does not 
reach iteration n + 1 to simulate q = p^ on x because another simulated program was 
successfully completed and checked. In this case time opt (x) is even smaller. 

We conclude that time opt (x) < C 32 fc+ 2 £ q;r (x). Since 2 fe+2 is a constant that depends 
only on q, the proof is complete. □ 

Final remarks. Levin’s theorem shows, that for a large class of important problems, 
we can obtain an “optimal” program with only the effort of devising a solution checker. 
This is obviously a tremendous reduction of the effort in developing programs for many 
practical problems. However, this is also an example of how important it is to observe 
that a constant factor is program-dependent. Program opt is slower than program p^ 
by the factor c^2 kJr2 . Note that k is the number in the enumeration of the program 
Pfc. If our problem is indeed complicated, we can expect even the smallest program that 
solves it to be quite large; if it appears at, say, position piooo? then opt will be slower by 
c 3 -2 1002 . Conclusions: 

• Assuming that checking a solution is indeed easy (as often happens), the only 
achievement that can be claimed by the hard-working algorithm developer is a 
saving on the constant factor! 

• “there is no free lunch”: since the constant factor is enormous, there is still point 
in spending energy on devising programs to solve problems directly. 


20.2 Functions arbitrarily hard to compute 

Blum’s Speedup theorem involves two techniques: a diagonalization argument more sub¬ 
tle than that seen before in Theorem 5.3.1; and a search process executing programs 
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under a time budget, similar to that used in proving Levin’s theorem. Before proving 
Blum’s result, we establish a simpler result that uses the same sort of diagonalization. 

We define the following simplifying framework for the proof, only considering input of 
the form nil 71 . A program accepts a set of integers, in the sense that it program accepts 
n if it outputs a non-nil value for input nil n . The time complexity of program p, then, 
can be expressed as a function on TV, namely t v (n) = time p (nil n ). 

On diagonalization. In Chapter 19 we used diagonalization to prove the hierarchy 
theorem. In this chapter we use diagonalization in a slightly more involved manner, so 
it may be useful to present first a general form of the diagonalization argument. 

Let Q be a set of programs. We wish to construct a program p and ensure that p ^ Q. 
We construct p so [[pj ^ [[qj for all q G Q. More explicitly, p will be built so for every 
q G Q there is at least one input d such that [p]](d) differs from [[qj(d). 

Such a q will be said to have been “killed.” We construct p so every q G Q will be 
“killed” at some stage during p’s computations, thus making p G Q impossible. This is 
done by inverting q’s output for some input d, so [[p]](d) = true if [q]](d) = false and 
false otherwise. 

The following shows that there exist problems arbitrarily hard to solve, no matter what 
algorithm is used. The result is stronger than Theorem 19.3.1 since the lower bound on 
run time applies to all but finitely many inputs. 

Theorem 20.2.1 For every total recursive function g : IN —» IN there exists a total 
recursive / : IN —» {true, false} such that if / = [p]] for any program p, then £ p (n) > g(n) 
for all but finitely many n G IN. □ 

Proof. The proof uses some ideas from the proof of Levin’s theorem 20.1.2. We 
assume that the reader is familiar with this, and now just give a sketch. Let po, 
pi, p 2 ,. .. enumerate all I-programs. Program p^ can be generated by code start; 
next; . . . ; next with k occurrences of next (as in the proof of Levin’s theorem). 

Call program p “quick on m” if t p (m) < g(m). Our goal is to find a function / such 
that / = p implies p ^ Q, where Q is the set of programs that are quick on infinitely 
many inputs. This is done progressively. The value of any f(n) is computed in stages: 
for each m = 0,1,2 ,..., n we construct two sets 

Dead m = Those programs p^ that have been “killed” so far 

Quick m = All programs p^ with k < m that are not in Dead m _i 

and are “quick” on m 
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read n; 

Dead := 0; (* Programs that have been killed *) 

for m := 0 to n do (* Compute /(0), f(n) *) 

Quick := 0; (* Programs that run with time <= g *) 

for k := 0 to m do (* Iterate on different inputs *) 

if k ^ Dead and £ Pk (m) < g(m) (* Collect unkilled pgms *) 
then Quick := Quick U {k}; (* quick on input m *) 

if Quick ^ 0 (* Now compute f(m) *) 


then k := the smallest index in Quick; 

Dead := Dead U {k}; 

Quick := Quick \ {k}; 

Answer := ^[[p k J(m) (* The value of f(m) *) 

else Answer := true; 

(* End of all the loops *) 

write Answer 

Figure 20.2: A function that is hard to compute. 


The set sequences will be monotone: r < s implies Dead r C Dead s and Dead r UQuick r C 
Dead s U Quick s . 

The value of f(n) will be made different from p k(n) where k is the smallest index in 
Quick n , assuming this set is nonempty. Function / is (by definition) computed by the 
program of Figure 20.2. This program reads n, then computes Dead^,Quick^,/(z) in turn 
for i = 0,1,... ,n, and finally writes f(n). It is evident that / is total. 

In the program (which omits the subscripts on Quick and Dead) any index k such 
that £ Pk (m) < g( m) for some value k < m < n will be entered into Quick, unless already in 

Dead. 

For each n, the value of f(n) is defined so as to make f ^ [[pfc]] for a new p& in Quick. 
(This happens provided Quick is nonempty, which will occur infinitely often.) When 
program p^ has been killed, it is removed from the set Quick and placed in set Dead. 

Suppose now that / = p r . By construction [[p^]] ^ f for every element k put into Dead, 
so r is not in any set Dead m . Suppose further that program p r is fast on infinitely many 
inputs. Then it is also fast on infinitely many inputs no,ni,... larger than r (see Figure 
20.3 for a pictorial representation). For every one of these of these, r will be entered 
into Quick ni (since r is not in Dead n? .). Eventually r will be the smallest index in some 

Quick n ., at which point it will be added to Dead n .. A contradiction arises because of the 

2 2 
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Figure 20.3: Program p r is quick infinitely often. 


assumption that / = Jp r ]|: 

f(rii) = Answer = -•[[prK n i) = “■/(«*) 

□ 


20.3 Blum’s Speedup Theorem 

Theorem 20.3.1 For any total recursive function h there exists a total recursive func¬ 
tion / such that for any program p computing /, there is another program p' such that 

/ = M = Ip']] ^ an( i f° r a ^ but finitely many d G ID 
time p (d) > h(time^r(d)) 

To appreciate the significance of this theorem, let h be a “fast growing” function such 
as 2 n . The theorem says that there is a function / such that, for every program po you 
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choose for computing /, there is an infinite sequence of programs pi, p 2 ,... which all 
compute /, and such that every p^+i is exponentially faster than p^ for all but finitely 
many inputs. Interestingly, the proof shows the existence of these programs, but it can 
also be shown that there is no algorithm which can construct a p^+i from p i. 

Proof. The proof of Blum’s theorem uses some ideas from the proof of Levin’s theorem 
20.1.2 and some from Theorem 20.2.1. We assume that the reader is familiar with them, 
and now just give a sketch. 

We further assume the “speedup” function h to be time-constructible. This is no 
loss of generality, since a time-constructible function always exists “above” h (see Ex¬ 
ercise 19.8). Further, we assume that h(n) > 2 n for all n, and h is monotone. We let 
h^ k \x) = h(h(.. .h(x )...)) with k applications (and h^\x) =x). 

We now describe a “diagonalizing” program blum and define / = [[blum]]. In the 
construction below, we use the STEP macro to simulate programs concurrently in the 
manner of Section 20.1, with two modifications. 

First, the checking phase using the program r is irrelevant to the current construction. 
Secondly, we modify the computation of the number of steps t. In the proof of Theorem 
20.1.2, t began at 1 and was doubled after every round of simulation, so that on iteration 
n, we performed 2 n ~ k interpretation steps on behalf of p^. In the current construction, 
t will be replaced at the end of each round by h(t), so p& is interpreted for h^ n ~ k ^ steps. 

On input n, the main task of program blum is to compute a set Dead n C {0,1,2,.. . ,n}. 
By computing a set we mean, creating a list of its elements (in nil 2 notation). Note that 
checking whether k is in the set, using this representation, takes 0{n 2 ) time. 

Computation of Dead^. If n = 0, Dead n is empty. For n > 0 compute Dead n _i first. 
Next, perform precisely n iterations of the following generate-and-simulate loop. During 
the loop, we maintain a list Quick n of programs to be “killed”. Initially Quick n is empty. 
Iteration m will process programs p^ for k = m,m — 1,..., 1,0 as follows: 

1. Run pk on input m for a “time budget” of at most t = h^ 7n ~ k \ 1) steps. 

2. If k ^ Dead n _i and p^ stops on m with output y, then add k to Quick n . 

3. Replace k by k— 1, and change the time budget to t := h{t) = /? y ( rn_ ( fc ~ 1 ))(l) steps. 

Once n iterations have been completed, we define Dead n as follows: if list Quick n is 
empty, Dead n = Dead n _i. If it is not, Dead n is Dead n _i plus the lowest index that 
appears on Quick n (note that it is necessarily not in Dead n _i). 
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read n; 

Dead := 0; (* Programs that have been killed *) 

for m := 0 to n do (* Compute /(0), f(n) 

*) 

Quick := 0; (* Programs to be killed *) 

T := 1; (* Time budget t = h^ rn ~ k \ 1) for k = m 

*) 

for k := m, m-l,...,0 do (* Iterate on different inputs *) 

if k ^ Dead and £ Pk (m) < T (* Collect unkilled pgms *) 

then Quick := Quick U {k}; (* that stopped in time *) 

T := h{ T); (* Increase time budget and decrease k *) 

if Quick ^ 0 (* Now compute f(m) 

*) 

then k := the smallest index in Quick; 

Answer := -i[[p k ]](m); (* The value of f(m) *) 

Dead := Dead U {k}; 

Quick := Quick \ {k} 
else Answer := true; 

(* End of all the loops *) 

write Answer 

Figure 20.4 : A program to compute Blum’s function. 


Completion of the program. The program is completed by removing from Quick n 
the smallest index /c, and "killing” program p^ by setting the output of blum to true if 
p/j. on input n yields false, and false otherwise. Figure 20.4 contains this algorithm in 
program form. 


Time analysis. 

h^~ k \ 1 ). 


Clearly (1) > 2 k . Thus the “budget” for p^ in iteration n is bk(n) 



Claim 1: Let p be any I program such that [p] = [blum]]. Then (3k)t p (n) > bk{n) for 
all but finitely many n. 

Proof: Since the enumeration p* includes all I programs, there is a k so that p = p/c. 
Assume to the contrary that £ p (n) < bk(n) for infinitely many values of n. In particular, 
infinitely many such values are larger than k. For each such value, the generate-and- 
simulate loop will generate p and find that it terminates within its budget of bk(n) steps. 
Hence it will put it on Quick (unless it has been killed already). Since for every n, 
the lowest index on Quick is killed, k will eventually be killed. This contradicts the 
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hypothesis that [[p]] = [[blum]]. 

Claim 2: The running time of the iteration that computes Dead n from Dead n _i is 
bounded by C 2 h^ n+1 ^(l) where C 2 is a constant. 

Proof : This is rather similar to the analysis for Levin's theorem. It is straightforward 
fromthe estimations already performed, since we used the generate-and-simulate loop, 
and only added the effort of lookup in Dead for programs that terminate; this effort takes 
at most 0(n 3 ) time, which (due to the growth rate of h) is bounded by ci/z/ n+1 )(l) for 
an appropriate constant c\. 

Claim 3: For every k > 0 there is a program blum^ such that [blum/c]] = [blum]] and 
4ium fc ( n ) < hb l ~ k ~ l \ 1), for all but finitely many n. 

Proof : Let ko = k + [logC 2 ] +3. Let no be a value of n such that no program among 
Po>Pi>P 2 >* • • >P k 0 is killed for n > n Q (observe that such an n 0 always exists). Pro¬ 
gram blum/c is a “shortcut” version of program blum, that skips the computation of 
Deado,Deadi,... ,Dead n() . Instead, it has Dead n() initialized as a quoted constant. This 
actually only helps if the input n is larger than no; for n < no the program does the same 
as blum. However for larger n the time of computing Dead n() is saved. 

Also, in the generate-and-simulate loops for no + l,no + 2,... ,n it is not necessary to 
simulate p j for any j < ky (this follows from the definition of no). We next compute the 
running time of blum^ for n > no- 

A simple modification of Claim 2 above shows that the iteration that computes 
Dead n from Dead n _i now runs in time C 2 ^ n+1_fc o)(l). Summing over the iterations 
for Dead n()+ i,Dead n()+ 2 ? • • • ,Dead n we obtain the bound: 


n 

c 2 y /i (n+i - fe o)(i) 

i=n 0 +1 


< 

< 

< 



This completes the proof of the claim. 

We are ready to complete the proof of Theorem 20.3.1 (modulo the simplifying frame¬ 
work). Let p = p/e be an arbitrary program such that [[p] = [blum]. Using Claim 3 we 
obtain a program blum^ such that [bluing] = [p], and for all but finitely many values of 
n, 
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On the other hand, by Claim 1, 
tp(n) > b k (n ) = h^~ k \ 1) 

Combining the last two inequalities and using monotonicity of h, we get 

^p(^) ^ ^'(^blumfc (^)) 

and the proof is complete. □ 


20.4 The Gap Theorem 

The Gap theorem shows that for an arbitrarily chosen computable increase in time 
bounds, there exist functions such that applying the increase to the bound does not 
enlarge the class of decidable problems (in sharp contrast to the hierarchy results of the 
last chapter). The theorem provides such a function that satisfies a pair of conditions, 
one an arbitrarily chosen computable lower time bound g and another, h, that defines 
the amount of increase to be applied. 

Theorem 20.4.1 The Gap Theorem. For any (arbitrarily large) total recursive func¬ 
tions g : D —> TV and h : IN IN such that (Vn) h(n) > n, there is a total recursive 
function t : ID —> TV such that (Vd) t( d) > g( d) and for every I program p we have 

time p (d) < h(t( d)) => time p (d) < t( d) 

for all but finitely many values d. 

Thus, time bound hot is not “stronger” than t when infinitely many inputs are considered. 
Note that by the assumption on h, we have hot>t, so the statement is significant. We 
say that there is a complexity gap between t and hot. 

Proof. First define a macro TEST that accepts as input a tree variable X and an integer¬ 
valued variable iV, and gives a Boolean result. Macro TEST generates I programs 
pi,P2,... ,pj until p j = X (this will happen because our enumeration process generates 
all trees). Using the timed interpreter from the previous chapter, TEST runs each gener¬ 
ated program for at most h(N) steps on X. If any of these programs terminates within s 
steps where N < s < h(N) the result of TEST is false. Otherwise it’s true. 

We now use the macro TEST to write a program that computes a function t: ID —» IN. 
On input X, the program computes n = g(X), then repeatedly applies TEST to X and 
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7V = n,n+l,n + 2,... until true is obtained. The result, £(X), is the last value of N. We 
claim that function t is total, and satisfies the theorem. 

Proving that t is total amounts to showing that the loop in the program will always 
terminate, i.e., that TEST eventually yields true. To this end, note that all the calls to 
TEST run the same set of programs on the same input, X. Among these programs, some 
may terminate on input X, while others do not. Let r be the largest number of steps 
that a program that does terminate takes to do so. Then unless the loop stops for some 
N < r, it will surely stop for N = r+1 (the reader may care to verify this). 

To prove that t satisfies the theorem, suppose that for some program p, time v {d) < 
h(t( d)). Suppose that p = d or appears before d in the enumeration of trees; then p is 
among the programs enumerated by TEST in computing t( d). Note that t( d) is defined as 
a value of N for which TEST yields true. This means, that time p ( d) < t( d), for otherwise 
TEST would have yielded false. 

We conclude, that time ? (d) < h(t( d)) => time v (d) < t( d), except possibly if p appears 
later than d in the enumeration of trees. But this case applies to finitely many d. □ 
The statement of the Gap theorem would not be very surprising if, when we relate the 
time bound t( d) to the size of d, we find that t does not grow monotonically with |d 
but keeps oscillating up and down. For then hot would also be such an oscillating func¬ 
tion, and why would any program have a running time that is “sandwiched” between 
such strange bounds? Actually the gap feature is not restricted to such functions. Ex¬ 
ercise 20.8 shows, that the theorem can be modified to guarantee that t is monotone 
increasing in |d . 

Another natural question to ask is, where do we find these strange time bounds? 
For instance, could they be polynomial? Versions of the Gap theorem that describe the 
growth rate of the function t have been proven, but are beyond the scope of our book. 
However, exercise 20.9 gives an illustration of the fact, that these functions would in 
general be very fast-growing. 

Exercises 

20.1 The proof of Levin’s theorem assumes program q to be coded in language I, while 
opt is a WHILE program. Explain why this discrepancy does not affect the result. □ 

20.2 * What is the space complexity of opt? In particular, how does it relate to the 

space consumption of a given program q for the problem in question? □ 
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20.3 Suppose we change every “semi-decidable” in Levin’s theorem to “decidable,” and 

require r to halt on every input, with some appropriate convention to signal whether the 
checking was successful or not. Would then opt halt always? □ 

20.4 Prove a version of Levin’s theorem for space complexity (it suffices to explain the 

differences from the given proof). □ 

20.5 Give an upper bound on the time required to compute function / in Theorem 

20 . 2 . 1 . □ 


20.6 * Extend the proof of Blum’s theorem to cover arbitrary inputs. 



20.7 Section 20.3 claimed that Blum’s theorem establishes the existence of a faster 
program p', but there is no algorithm to construct it, given p. However, from the proof 
of the theorem we know that blum^+i is that faster program. Why doesn’t the proof 
imply an algorithm to obtain the faster program? In other words, why is the construction 
of blunifc+i not effective? □ 


20.8 Modify the proof of Theorem 20.4.1 to ensure that function t will increase when 
dl is increased. □ 


20.9 * Let us restrict attention to time bounds which only depend on the size of the 
input, t(d) = /(|d|). Demonstrate that for some constant a > 0, it is not possible to find 
such a time bound t such that there is a “gap” between t and at , and 0 < f(n) < n 2 . 
Hint : Design a program pi such that for every odd n and 0 < i < n 

(3d )i < time Pl (d) < ai 

for an appropriate constant a. Design another program p 2 whose time similarly lies 
between in and ain. Show, that for t,f as above, and for infinitely many inputs, one 
of these programs will have its running time inside the intended “gap.” Remark: It is 
actually possible to generalize this result to any polynomial function of n (instead of n 2 ). 

□ 
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21 Space-bounded Computations 


We have hitherto emphasized computation time. There is a similar but somewhat differ¬ 
ent way to classify problems according to how much memory space is required to solve 
them. For simplicity of exposition we limit ourselves to imperative languages in which 
a computation is a linear sequence of states, i.e. all the languages seen so far except the 
functional languages 1 . 

For the computation models of Chapter 7 the input is contained in the initial store, 
which always has length at least |d|, i.e. space linear in the size of the input. In other 
words, there are no problems solvable in sublinear space in the models given earlier. 

In general, linear space decidable sets can take exponential time to decide; and no 
better bound is known (see Theorem 21.5.2). This time bound is intractable, i.e., well 
beyond the running time of practically usable algorithms. This motivates a study of 
space bounds that are small enough to give running times closer to practical interest, 
i.e., the study of space bounds smaller than |d|, the length of the input d. 

A solution to this problem is to use “offline” models that allow only read-only access 
to an input value d and, when measuring program space consumption, to count only the 
“workspace” that is used beyond the input length. (This is intuitively reasonable, since 
read-only input will remain unchanged during the entire computation.) For the moment 
we are only interested in decision problems expressible by a yes-no answer, and not in 
computation of functions. 

In order to study space-bounded computations, we will equip Turing, counter, or ran¬ 
dom access machines with a read-only input , instead of the earlier device of incorporating 
the program input value into its initial state. A motivation is that it will become possible 
to analyse computations in sublinear space , i.e. using space smaller than the size of the 
program input, thus bringing space-limited computation nearer practically interesting 
problems than before. 

The models will later be extended to allow output as well. This will be write-only , 
symmetric with the read-only restriction on input, in order to maintain the separation of 
work storage from storage used for input-ouput data. Classes of functions computable in 
limited space analogous to the above time-bounded decidable classes will turn out to be 
quite useful for investigating complete , i.e. hardest problems for the various complexity 

1 Functional languages can also be classified spacewise, but require more subtle definitions because of 
implicit space usage caused by recursion. 
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classes. Of special use will be those computable in logarithmic space. 

21.1 Space-bounded computation models 

21.1.1 Space measures for imperative machine models 

The following is to be regarded as a generic definition, parametrized by the definition of 
state space or size used for the various machine types. Precise definitions of these will 
be given shortly. 

Definition 21.1.1 Let p = 1 : Ii.. .m : I m be any imperative program in some language 
L, and let p b si —* S 2 —> ... —» s t be a terminating computation with s i = (1, Readin(d)) 
for some input value d G L— values. Then by definition (parametrized on the length |s| 
of a state s): 

space^(d) = max{|si|, |s 2 |, . |s t 1} 

Turing machine space usage is the standard used to define space-bounded computation. 
First, we define this for the multitape Turing machines seen earlier in Section 7.3. 

Definition 21.1.2 Let p be a k- tape Turing machine program. We define the length of 
a state s= (£,cr), where i is the instruction counter and a = (LiS 1 Ri,...,LfcS fc Rfc) is a 
/c-tuple of tapes, to be 

s — maxdLxS-^Ri , h/cS^R^I) 

□ 

21.1.2 Some read-only machine models and their space or size 

usage 

The read-only Turing machine variant has read-only access to its input d. Further, only 
the “workspace” that is used beyond the input data will be counted. (This is intuitively 
reasonable, since read-only input will remain unchanged during the entire computation.) 
A pictorial representation may be seen in Figure 21.1. 

Definition 21.1.3 A read-only Turing machine TMro is a two-tape Turing machine 
whose input is a string d in {0,1}*. Its instructions are as follows, where subscript 
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. . . B B 34 cL 2 • • • 3-n B B . . . 


Tape 1 (input) 



Finite 

state 

control 

(program) 


BOO 1 1 1 IB ... 


Worktape (initially blank) 


Figure 21.1: An offline Turing machine. 


u = 1 indicates that the two-way read-only input tape 1 is involved; or u = 2 indicates 
that the two-way read-write work tape 2 is involved. Instruction syntax is as follows: 


Tape 1: I ::= righti | lefti | ifi S goto £ else £' 

Tape 2: I ::= right 2 | left 2 | if 2 S goto £ else £' | write 2 S 

Symbols: S ::= 0 | 1 | B 

A tape together with its scanning position will be written as .. .BLi^RiB ..., where the 
underline indicates the scanned position. We assume the program never attempts to 
move right or left beyond the blanks that delimit the input, unless a nonblank symbol 
has first been written 2 . 

We define the length of a read-only TMro state s = (£,<r), where £ is the instruction 
counter and a = (.. .BLiS 1 RiB...,.. .BL 2 S 2 R 2 B...), to be \s\ = |L 2 S 2 R 2 1, formally expressing 
that only the symbols on “work” tape 2 are counted, and not those on tape 1. □ 

Definition 21.1.4 A read-only counter machine CMro is a register machine whose input 
is a string d in {0, l}*. Input access is by instruction if In Ci = 0 goto £ else £!, which 
tests symbol in input d = aia 2 . • . a n indirectly: index k is the value of counter Ci. 
Data initialization sets counter CO to n, giving the program a way to “know” how long 
its input is. 

I ::= Ci := Ci + 1 | Ci := Ci - 1 | Ci := Cj 

if Ci=0 goto £ else £' | if In Ci =0 goto £ else £' 

2 This condition simplifies constructions, and causes no loss of generality in computational power, or 
in time beyond a constant factor. 
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Storage has form CMro -store = (d,cr) G {0, l}* x { o \ o : IN —» IN} where d is the input 
data and a(i) is the current contents of counter Ci for any i G IN. The counter values a 
are initialized to zero except for CO: initially, 

a = [0 i—> |d|,l 0,2 0,...] 

A state has form s = (T, (d, a)), where I is the instruction counter. The effect of instruction 
execution is as expected from the syntax, plus definition of the effect of instruction if 
In Ci =0 goto I else I'. Informally: if 1 < i < n and = 0 then control is transferred 
to 1^/, else to I in. 

We define the space of a read-only CMro state s = (T, (d,cr)) to be 

s|= E lo g( CT (*)) 

cr(p/0 

where logn is the number of bits required to represent v. This formally expresses that 
only the space usage of nonempty registers (measured in bits) is counted. □ 

Remark: This differs slightly from the counter machines seen earlier in Section 7.4, in 
that input is a bit string instead of a number. 

21.1.3 Comparing ordinary and read-only machines 

The following easily proven propositions assert that, as far as space usage is concerned, 
multiple tapes are only essential when considering computations that use space less than 
the length of the input. 

Proposition 21.1.5 For any k -tape Turing machine p such that space™ (d) > |d| for any 
input d, there exists a 1-tape Turing machine q with [[pj™ = [[qj™ and a constant a such 
that space™(d) < a- space™( d) for any input d. 

Corollary 21.1.6 If p is a read-only Turing machine such that space™ ro ( d) > |d| for all 
inputs d, there is a 1-tape Turing machine q with Jp]]™ ro = [[qj™, and a constant a such 
that space™ (d) < a ■ space™ ro (d) for any input d G {0,1}*. 

Proof. Exercises 21.1 and 21.2. □ 

Essentially the same results hold for counter machines. Hints for the straightfoward 
proofs are give in Exercises 21.3, 21.4. 
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Proposition 21.1.7 For any counter machine p as in Section 7.4 there exists a read-only 
counter machine q and a constant a such that for any input v G IN: 

[qIl CMro (cEv(iO) = ccv([p]] CM (f)) and space™™ (cm (v)) < a- space™ (v) 

Proposition 21.1.8 For any read-only counter machine p such that space^ nro (d) > |d| 
for any input d, there exists a counter machine q as in Section 7.4 and a constant a such 
that for any input v G IN: 

czzv([qJ CM (v)) = [p]] CMr °(c/iv(^)) and space™ (v) < a-space™* 0 (c IN (v)) 


21.1.4 Space-bounded classes of programs and problems 

Definition 21.1.9 Given programming language L and a total function / : IN —» IN , we 
define classes of space-bounded programs by 


1. L s P ace U) = {pG L -program \ spaceN d) < /(|d|) for all d G L -data} 


2 jJ,ogspace _ ^J°° j^space(Xn . /clogn) 


^ -^pspace _ |^J 


t space(f) 
f a polynomial ^ 


The corresponding classes of problems solvable within limited space are easy to define: 
Definition 21.1.10 Given programming language L and a total function / : IN —» IN 

1. The class of problems L- decidable in space f is: 

SPACE L (/) = {AC L -data \ A is decided by some p G L space G( n )| 

2. The class of problems L- decidable in logarithmic space is: 

LOGSPACE l = {Ac L -data I A is decided by some p G L l ° 9Space } 

3. The class of problems L- decidable in polynomial space is: 

PSPACE l = {AC L -data | A is decided by some p G L pspace } 
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21.2 Comparing space usage of Turing and counter 

machines 

We now show that Turing machines and counter machines are equivalent as regards space 
usage. First-time readers may skip this section without loss of continuity. 

Theorem 21.2.1 For any / with f(n) > max(logn,l) 

(J SPACE ™ ro (c/) = (J SPACE CHlo (df) 

c d 

Corollary 21.2.2 For any f with f{n) > n 
|JsPACE™(c/) = (JsPACE CM (d/) 

C d 

Proof. The corollary is immediate from Theorem 21.2.1 and the preceding propositions. 
Two constructions follow to prove Theorem 21.2.1, one building from an /-space-bounded 
Turing machine program a corresponding counter machine operating in the desired size 
bound, and another construction in the opposite direction. We leave it to the reader to 
verify that the constructed programs decide the same sets as their sources, that is that 
the simulations are faithful. This should not be surprising, as each program simulates 
the operations of the other in exactly the same order, so it is only important to verify 
that the desired space bounds are preserved, and that the two programs’ states continue 
to correspond properly. □ 

Construction 21.2.3 A G SPACE™ ro (c/) implies A G IJ d SPACE CMro (d/)). 

Representation of TMro storage in a CMro program. A TMro total state is 
s = (£,... BLiS 1 RiB....... BL 2 S 2 R 2 B • • •) 

where £ is the instruction counter. Assume A G SPACE™ ro (c/). Clearly the scan¬ 
ning positions on both tapes can be represented by counters, each no larger than 
2 + max(n,c/(n)) < 2 2c ^ n \ The idea of the simulation is to represent the work tape 
contents by two counters, each no larger than 2 2c ^ n \ and to simulate operations on 
both tapes by corresponding counter operations. 

A work tape containing bi... b^... b m where m < cf(n) can be represented by a pair 
of numbers /,r, where 
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• l is the value of bi... b* as a base 3 number (counting B as digit 0, 0 as digit 1, and 
1 as digit 2), and 

• r is the value of b m b m _i... b^+i, also as a base 3 number. 

The work tapes are initially all blank, so l = r = 0 at the simulated computation’s start. 
Since m < c/(n), we have 

l,r< 3 c/(n) <4 c/(n) 

Putting these together, we have two counters to represent the input and work tape 
scanning position, and two counters to represent the work tape contents. The effect of 
moving a work tape head right one position can be simulated by arithmetic operations: 
l := 3 • l + (r mod 3) 

r := r-G 3 

and similarly for moving left. It is easy to see that these operations can be done by 
counters. Testing the scanned square’s contents amounts to a test on l mod 3, also easily 
done. 

These counters are all bounded in size by 2 2c ^ n ^ and so by 2c/(n) bits; and collec¬ 
tively represent the Turing machine’s total state. Each Turing machine operation can be 
faithfully simulated by operations on counters, concluding the construction. □ 

Construction 21.2.4 A G SPACE CMro (d/) implies A G (J c SPACE™ ro (c/): 

Representation of CMro storage in a TMro program. Suppose p is a CMro program, 
and d = aia 2 ... a n is an input. The CMro input aia 2 . • . a n will be present on tape 1 of 
the TMro. 

The TMro code to simulate p will represent each variable Ci by a block of bits on 
the work tape containing the binary representation of value j of Ci. Some TM data 
initialization is needed, as the initial value of counter CO is n. It is easy to write TM code 
to accomplish this; the main task is to construct the binary representation of value n 
(which occupies logn bits, whence the lower bound on /). 

Each CMro counter Cl, C2,... ,Ck is assumed to have length at most df(n) bits. One 
may think of having as a new symbol the marker 2, so the work tape form would be 



. ..B B Block! 2 Block 2 2...2 Blocks B B... 
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The same effect can be achieved without the extra symbol 2 by a simple data encoding 
into 0, 1, at most doubling the tape space. Since there is a fixed number k of CMro 
variables, the total amount of work tape storage, including markers to separate the 
blocks, is at most a constant times f(n) bits, as required. 

Each CMro operation is straightforwardly simulable by the Turing machine. For ex¬ 
ample, command if In Ci =0 goto £ else £' can be realized by steps: 

• Locate the block containing the value j of Ci, and copy it into another block for 
use as a counter c. 

• If 1 < c < n then continue, else goto the code simulating £. 

• Move to the left end of input tape 1 containing aia 2 . . . a n . 

• If c = 1, the input symbol a j has been found and may be tested for zero. 

• If c > 1 then decrement it by 1, scan forward one symbol on the input tape, and 

repeat from the previous step. □ 

21.3 Relation of logspace to counter machines and 

ptime 

Corollary 21.3.1 LOGSPACE™ = LOGSPACE cm 

Proof. Immediate from Theorem 21.2.1. □ 

Corollary 21.3.2 LOGSPACE C PTIME 

Proof. Suppose A G LOGSPACE is decided by some Turing machine p with m instructions 
in space klogn for some k and all inputs of length n. Then p cannot run for more than 
m- (n + 2) -3 Hogn steps, else it would have repeated a state and so be in an infinite loop. 
This expression is certainly polynomial-bounded, since a logn = n loga for any a,n > 0, and 
so 3 fclogn = n klog3 . □ 


21.4 Robustness of pspace 

Theorem 21.2.1 gives a pleasingly tight connection between the space used by Turing 
machine computations and the sizes of counters used by counter machines solving the 
same problems. Further, any counter machine is also a RAM, so we now briefly consider 
the translation compiling RAM to TM from a memory usage perspective. 
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The amount of Turing machine tape used by a translated program can be assumed to 
be bounded by the sum of the lengths and addresses of the nonzero RAM memory cells 3 . 
Now every nonconstant address must have first appeared in a register; so if the RAM 
program uses at most space /(d) bits of storage on input d, then the simulating Turing 
machine uses at most linearly more space. 

From this (informal) argument we can conclude PSPACE™ = PSPACE™ = PSPACE RAM . 
Therefore we henceforth often write PSPACE rather than PSPACE™. 

Extending this result to GOTO programs has some complications that require a more 
subtle implementation; the complications and an alternate implementation are sketched 
below. 


Storage usage in GOTO programs. 

The original tree-based semantics gives unrealistically high space measures for two rea¬ 
sons. First, the tree model did not account for sharing, whereas an assignment such as 
X:=cons X X should clearly not double the memory assigned to X. 

A second problem is that even if the more realistic DAG model of Section 17.1.1 is 
used, it often happens that nodes become inaccessible. For example, consider the trans¬ 
lation compiling a Turing machine program to an equivalent GOTO seen in Section 18.2. 
Without accounting for unreachable nodes, this would require space roughly proportional 
to the simulated Turing machine’s running time , since every tape head motion is simu¬ 
lated by a cons. This is far in excess of what seems reasonable. The following seems to 
be a fairer definition: 


Definition 21.4.1 A space measure for the flow chart language GOTO: Consider the se¬ 
mantics of Section 17.1.1 in which the store cr is a DAG (S,p) where p maps Vars(p) to 
nodes, and 5 is a DSG that specifies the structure of the DAG. By definition, the size |a 
of such a store is the number of nodes in the dag that can be reached from some node 
variable, that is the number of nodes reachable via S from the entry nodes in the range 
of p. 

3 Using the construction of Chapter 8 , this could only fail if the RAM repeatedly stored first a nonzero 
value, and then 0, in a great many cells. This would create many useless but space-consuming blocks 
on the Turing machine’s tape. The problem is easy to circumvent; each time a register-changing RAM 
instruction is performed, the simulating Turing machine checks to see whether the new value is zero. 
If so, the address and value are removed from address and contents tapes, thus “compacting” the tape 
storage. This yields the desired space bound. 
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Storage in the TM to GOTO to RAM translations. 

In the translation compiling TM to GOTO, the number of DAG nodes accessible from 
variables can be seen to be proportional to the sum of the lengths of the tapes of the 
Turing machine being simulated. Consequently PSPACE™ C pspace goto . 

In the translation compiling GOTO to SRAM, the number of accessible SRAM memory cells 
is proportional to the DAG size since the implementation simply realizes the DAG as 
described. On the other hand, the implementation as sketched does not perform garbage 
collection. Revising the implementation to do this would give pspace goto C pspace ram 
and thus 

PSPACE G0T0 = PSPACE RAM = PSPACE™ = PSPACE™ 

21.5 Relations between space and time 

Proposition 21.5.1 TIME ™(/) C SPACE ™(/) for any /. Consequently PTIME C PSPACE. 

Proof. TIME ™(/) C SPACE™ (/) is obvious, since a TM-program p that runs in time 
bounded by /(|d|) cannot write on more than /(|d|) tape cells. Thus space™ (d) < /(|d|) 
by Definition 21.4.1 so 

PSPACE™ D PTIME™ = PTIME SRAM = PTIME G0T0 . 

□ 

Theorem 21.5.2 If f(n) > n for all n then 
SPACE™(/) C [JtIME™(c/) 

c 

Proof. We show that if a one-tape Turing machine program p runs in space / and 
terminates on its inputs, then it also runs in time C for appropriate c. 

Clearly p cannot repeat any computational state s = (£, ...BLSRB ...) in the com¬ 
putation on input d, since if this happened, p would loop infinitely on d. So to prove 
our result it suffices to show that a terminating program running in space / has at most 
^ ) different states for some c. 

Consider any computational state s reachable on input d. By the assumption on p, 
L S R| < /(|d|). The total number of possible values of the nonblank tape contents LSR 
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with this space bound is bounded by since each symbol in LSR must be 0, 1, or 

B. Further, the scanning position where S is located has at most /(|d|) possibilities. 

Combining these bounds, the total number of different possible values of the tape, 
including both tape scanning position and contents, is bounded by 

/(|d|)-3^l d 


Now n < 2 n for all n > 1, so by the assumption that f(n) > n we have 


/(|d|)-3/(l d l)<2^d!). 3 /(|d 


6 /(l d 


Finally, a total configuration of program p includes the control point and the state of its 
tape. The number of these is bounded by (|p| + 1) •6^^^ < c /(|d|) 

for all d where, for 

example, c= 12 |p| will do since 

(|p| + l) •6 /( l d l ) < (2|pj) / (l d l> - 6 /( l d l ) = (12| P yd d l) 


Since no state in p F so —* $i —>• • • • s t —■» s t +i ... can be repeated, the running time of p is 
bounded by Thus A lies in time(c^I^I^). □ 


21.6 Functions computable in logarithmic space 

For later usage in Chapter 26 (and for the sake of curiosity), we show that a number of 
familiar functions can be computed in logarithmic space. The read-only Turing machine 
has binary integers as inputs (multiple entries are separated by blanks), and is now 
assumed equipped with a one-way write-only output tape to write function values. 

Proposition 21.6.1 The following functions / : {0,1}* —»{0,l}* are Turing computable 
in space logn: 

1. X(x,y).x + y,X(x,y).x^y,X(x,y).x<y 

2. X(x,y).x-y 

3. f(x\,X 2 , ■ ■ ■x n ) = the same sequence sorted into nondecreasing order 
Proof. Exercises 21.5, 21.6, 21.7. 

Lemma 21.6.2 The following statements about a function / : {0,1}* — > {0,1}* are 
equivalent, provided |/(d)| is bounded by some polynomial p(|d|) for all d: 
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1. /is Turing computable in space klogn for some k. 

2. The following function is Turing computable in space £/log|d| for some k': 

A(i,d).the i-th bit of /(d) 

Proof. To show 1 implies 2, suppose / is Turing computable by program p in space klogn 
with input X, and that it produces its output on a third tape by executing a series of 
instructions of form write 3 Z. The idea is simply to produce the bits of /(d) = [[p]] (d), 
one at a time, but to ignore them until the i-th bit has been produced, at which time 
that bit is written. 

Add to p an extra input variable I and a counter variable C, and prefix p’s code by 
the following: 

if I > p(|X|) then stop; Otherwise: 

read I; (* from input tape (I.X) into memory *) 

C := 0; (* initialize bit counter *) 

(nil is written for a nonexistent bit.) Because of the polynomial bound on |/(d)|, variable 
I, if stored, will not require more than 0(logp(|d|)) bits. This is bounded by a constant 
times log |d| . To complete the construction, replace every instruction write 3 Z in p by 
the following: 

C := C + 1; 

if C = I then write 3 Z and stop; 

To show 2 implies 1, let program p compute A(i,d) .the i-th bit of /(d). Embed it in a 
program q of form: 

for C := 1 to p(|d|) do 

{ B := p C Input; if B = 0 or B = 1 then write 3 B } 

The idea is to write the bits of /(d) = [[p]] (d) , one bit at a time in order, by computing 
the i-th bit of /(d) for i = 1,2,... ,p(|d|)) and printing its results. 

The expression p C Input above is realized by running p, modified to take the Input 
part of its argument from the read-only tape, and the C part from the work tape. □ 

Theorem 21.6.3 If f,g are both computable in space logn then so is fog. 
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Proof. The obvious approach is simply to compute g(x) and then apply / to this result. 
Unfortunately this does not prove the theorem, because g(x) may occupy more that 
klogn bits (for example, even if g is the identity function). The problem is that a 
logspace / program cannot store all its input on a work tape, but is restricted only to 
look at its input one symbol at a time. Our strategy is thus not to store g(x) explicitly 
but rather virtually, using the result of Lemma 21.6.2. Let TM-program p f compute /, 
and assume program computes 

A(z,x) .the zth bit of g(x) 


as in Lemma 21.6.2. We sketch the construction of a 6-tape Turing program r to compute 

f(9 O))- 


Tape number 

Tape contents 

1 (read-only input) 

X — cL]_ . . . 3.^1 

2 

Program p/’s work tape 

3 

i scan position on program p/'s input tape 

4 

b = program p/’s scanned input symbol from g(x) 

5 

Program p^’s work tape 

6 (write-only output) 

Program p/’s output tape 


Figure 21.2: Tape contents for 6-tape Turing program r. 


Storage representation r’s tape contents are as shown in Figure 21.2. Initialization 
is trivial, as programs p f and p g for functions / and g both begin scanning the blank to 
the left of their respective inputs g(x) and x. Thus the only initialization action is to set 
i = 0 by writing 0 on tape 3, as all other tapes are initially blank. 

Instruction simulation. First, any instructions in program p/ of forms rights, 
left 2 , goto t and if 2 S goto £ can be performed without change; and write 2 S is 
of course simulated by writes S. Instruction if 1 S goto £ can be performed by testing 
the contents b of tape 4. 

The remaining p f instruction forms are righti and leftp we only describe the first, 
as the other is nearly identical. Instruction righti is simulated by code to effectuate: 

i := i + 1; b := p (; x i; (* i = scan position from tape 3 *) 
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Finally, it must be seen that this code can be programmed on a Turing machine, and 
that the resulting machine r works in logarithmically bounded space. 

As to programming, command b := p 9 x i can be realized by modifying p^’s pro¬ 
gram to use tape 5 as its work tape, and to take its input from tape 1 as long as it is 
scanning the x part of its two-part input xBi, and to shift over to reading from tape 3 
when reading from the i part. 

As to r’s space consumption, let n = |x|. Tape 4 is of constant size, and tape 5 is 
Pg’s work tape on x and so is logarithmically bounded in n. The value of g(x), which is 
p/’s simulated input, must be bounded by some polynomial tt (n) by the running time 
argument of Corollary 21.3.2. Thus 0 < z < 1 +7r(n), so tape 3 is logarithmically bounded 
(assuming i to be represented in binary notation). Finally, tape 2 has length at most 
k' log|<?(x)| < fc'log(7r(n)) = O(logn). 

Tape 1 is not counted, and all 4 work tapes are logarithmically bounded. They can 
all be combined into one work tape, also logarithmically bounded, which completes the 
argument. □ 

21.7 Hierarchies of problems solvable in bounded 

space 

Very similar results to those seen earlier for time bounds can also be proven for space 
bounds. The following is analogous to Definition 19.5.2. 

Definition 21.7.1 Function / : IN —> IN is space-constructible if there is a TM program 
f and a constant c > 0 such that for all n > 0 

[f]™(0 n ) = bin(f(n)) and space™ (0 n ) < c-f(n) 

Many familiar monotone functions are space-constructible, e.g. all linear functions, all 
polynomials, and / + g, f * g, f 9 whenever f,g are time-constructible (Exercise21.8). 

Theorem 21.7.2 For one-tape Turing machines: If / is space-constructible there exists 

b > 0 such that pspace™(6/)\pspace™(/) ^ 0. 

Proof. The proof is very similar to that of Theorem 19.5.3 and so is just sketched here. 
The technique used is again diagonalization to construct a program diag defining a set 
A in PSPACE™(5/)\PSPACE™(/) for suitable b. 
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There are, however, some differences. To begin with, we must assume that one- 
tape Turing machine programs are encoded as strings over {0,1}*. The next step is to 
construct a self-interpreter that uses such a description of a program by a string. This is 
technically rather messy, and has been done in numerous books and articles, so we omit 
the details. 

The diagonalizing program diag is then a modification of the self-interpreter, just as 
in Section 19.5.3. Program diag is constructed so that for any input p G {0,1 }*: 

1 if space p (p) > /(|p|) 

or Up]] (p) does not terminate within limit (p) steps 
0 if space p ( p) < /(|p|) and [p]](p) ¥= 0 
1 if space p ( p) < /(|p|) and [pj(p) = 0 

It is of course essential that the diagonalizing program diag terminate on all inputs, and 
that it does not use more than bf( |p|) space on input p. Termination can be achieved by 
observing that the simulated Turing program p on input d may not run for more than 

limit(d) = (|p| + 1) • 3^1^ • /(|d|) 

steps without entering an infinite loop, since exceeding this limit would imply it had 
repeated a total state and so was in an infinite loop. If [[p]] (p) has not terminated within 
this number of steps, it will never terminate. Thus this value may be used for a variable 
Timebound, playing the same role as in Theorem 19.5.3. The code Timebound := tl 
Timebound from Section 19.5.3 must thus be replaced by code to perform the binary 
number operation Timebound := Timebound - 1. 

Space analysis It must also be guaranteed that diag runs in space bf( |d|) for some 
b and all d. First, note that 0(f( |p|)) space is enough to store Timebound as a binary 
number. Second, the space condition above can be checked by monitoring the space 
usage of p, rejecting it if it uses more than /(|p|) memory, or more than limit(p) time. 
If diag is itself written in a space-economical way as just described, it will not use more 
than linearly more space than /(|p|). 

Finally, assuming the set decided by diag can be decided by another program in 
space not exceeding /( |d|) leads to a contradiction, just as in Section 19.5.3; this proves 
the theorem. □ 

Theorem 21.7.3 If functions f,g are space constructible, f(n) > n,g(n) > n for all n, 
and lim n _ 00 #(n)//(n) = 0, then SPACE™(/)\SPACE™ (g) ^ 0. 
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Proof. This is very similar in concept to the proof of Theorems 19.5.3 and 21.7.2. 



Exercises 


21.1 Prove Proposition 21.1.5 


□ 


21.2 Prove Corollary 21.1.6. 


□ 


21.3 Prove Proposition 21.1.7. 

This can be done by filling in the details of the following sketch. Given CM program 
p, its code can be modified as follows: First, CMro program q scans the symbols of its 
input ai... a n = bin(v ), and computes v = 6 m _1 (ai... a n ), which it stores into a counter. 
It then executes the code of p without modification. A straightforward size analysis of 
the values involved shows that this can be done in the required space. □ 


21.4 Prove Proposition 21.1.8. This can be done by filling in the details of the following 
sketch. 

Given CMro program p, its code can be modified as follows: First, q copies input v 
into a counter Cv not used by p, and then determines its length n and puts it into counter 
CO. This is straightforward using the definition of bin : divide u + l by 2 repeatedly and 
discard the remainder until 0 is obtained; the number of times halving is done is n+ 1. 

Second, p can be simulated stepwise, all instructions that q executes being identical 
to those of p with a single exception: In Ci =0 goto £ else £'. The value of the needed 
bit from bin(v) can be found by repeatedly halving v -\-1 a number of times equal to the 
value of Ci. If the result is positive and even then the bit is 0, else if positive and odd 
then 1, else Ci exceeds n. A straightforward size analysis of the values involved shows 
that this can be done in the required space. □ 


21.5 Prove Proposition 21.6.1, part 1. An informal construction, for instance a sketch 
of a Turing machine, will do; just make it clear that the algorithm works, and that all 
values involved are logarithmically bounded. □ 


21.6 Prove Proposition 21.6.1, part 2. 


□ 


21.7 Prove Proposition 21.6.1, part 3. 


□ 


21.8 Prove that the following functions are space-constructible: 
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1. f(ri) = an+ 6, for non-negative integer constants a and b. 

2. / + #, assuming that f,g are space constructive. 

3. f *g, assuming that f,g are space constructible. 

4. f 9 , assuming that f,g are space constructible. □ 

References 

The earliest work on space-bounded hierarchies is from 1965, due to Hartmanis, Lewis 
and Stearns [64, 65]. Early results on sublinear space are found in papers by Savitch, 
Meyer, Jones, and Jones, Lien and Laaser [157, 126, 84, 75, 80]. 





22 Nondeterministic Computations 


A nondeterministic program is one that may “guess,” i.e. one whose next-state transition 
relation is multivalued rather than a partial function, as has been the case hitherto. This 
capacity may be added to any of the imperative computation models already seen by 
adding a single instruction form £: goto £' or £". Its semantics is to enlarge the state 
transition relation of Figure 7.1 to also allow transitions 

(£,&) —> (£',cr) and (£,&) —> (£",&) 

Correspondingly, one makes a while program nondeterministic by adding a “choice com¬ 
mand,” for example 

C ::= choose Cl or C2 

with the natural semantics: Either command Cl or command C2 may be executed. 

Note that nondeterministic programs are /em not functional in a mathematical sense: 
the same input may give rise to many different computations, some of which may fail to 
terminate, and some which may terminate with different outputs. 


22.1 Definition of nondeterministic acceptance 

Definition 22.1.1 A computation p h si — » S 2 —►... —» St is accepting if it terminates and 
writes the output true. An input d G L— data is accepted by nondeterministic program p if 
p has at least one accepting computation p h si —> $2 —»• • • —> s t with s i = (l,Readin(d)). 
The set Acc( p) C D accepted by p is by definition 


Acc{ p) = {d G X* 


p accepts d} 


This is sometimes called “angelic nondeterminism”: Input d is accepted if there exists 
at least one sequence of “guesses” leading to output true, but the definition does not 
specify how such a sequence can be obtained. One can think of acceptance as the result 
of a search through the tree of all possible comptations on the given input, a search which 
succeeded in finding a branch ending in “accept.” 
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22.2 A simple example: path finding 

The problem is, given a directed graph G = (V,E,s,t) with edges E = {(ri,pi), 
(^ 2 ,^ 2 ),•••} and a source and target nodes s,£, to decide whether there exists a path 
from s to t. The following nondeterministic WHILE program sketch assumes inputs s,£, 
and that the graph G is given as a list ( (ui . vi) (112 . V 2 ) ... (u n . v n ) ) in ID. 

read S, T, G; 

W := S; 

while W / T do (* Repeat until (if ever) T is reached *) 

Copy := G; 

while Copy do (* This chooses an edge at random: *) 

choose 

Copy := tl Copy (* Either omit the first edge of G J s copy *) 
or { Edge := hd Copy; Copy := nil }; (* or keep it *) 

if W = hd Edge (* If W = source of chosen edge then *) 

then W := tl Edge; (* continue from target of chosen edge *) 

write true (* If it gets here, a path was found *) 

This straightforward nondeterministic program just “guesses” a path from s to t. 

22.3 Resource-bounded nondeterministic algorithms 

Time and space usage are also interpreted angelically, taking the least possible values 
over all accepting computations: 

Definition 22.3.1 Given a computation C = p b s± —> $2 —* • • • s*, its running time is 
t (its number of states). The space usage of computation C is by definition \C\ = 
max{|so|, |si|,..., \s t |}. The time usage (space usage) function of program p on input 
d is the shortest length (minimum space) of any accepting computation: 

time p(d) =min{£ | p b si —>•••—> s t is an accepting computation on input d} 
space p (d) = min{|Cj | C = p b s\ —>•••—> s t is an accepting computation on input d} 

Definition 22.3.2 In the following, L- program p may be nondeterministic. 

nptime l = {Acc(p) | time £(d) < a polynomial p in |d| } 
npspace l = {Acc( p) | space £(d) < a polynomial p in |d| } 

NLOGSPACE l = {Acc( p) | space £(d) < /c log |d| for some k} 
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The symbol N in the classes above indicates nondeterminism. Note that, by definition 
and in contrast to deterministic computation as defined before, if p fails to accept an 
input d then it may enter an infinite loop (though it is not required to do so). 

Proposition 22.3.3 

ptime l Cnptime l , pspace l Cnpspace l , and logspace l CnlogspaceP 

Proof. Immediate since every deterministic program is also nondeterministic, and uses 
no more time nor space under the nondeterministic measure than under the deterministic 
one. □ 

Theorem 22.3.4 Aside from data encoding, 

• NPTIME™ =NPTIME SRAM =NPTIME G0T0 

• NPSPACE™ =NPSPACE SRAM =NPSPACE G 0 T 0 =NPSPACE CM 

• NLOGSPACE™ =NLOGSPACE CM 

Proof. The constructions seen earlier for deterministic programs can without modification 
be applied to the nondeterministic ones. □ 


Exercises 


22.1 Prove that any set A C {0,1}* that is accepted by a nondeterministic Turing ma¬ 
chine p is recursively enumerable. 

Hint: Let a choice sequence be a string cs = C 1 C 2 .. . c m G {0,1}*. For each time step 
t in p's computation, if the current instruction to execute is goto P or P' , interpret Ct 
as advice on which branch to take: p should take branch P if c* = 0, else take branch P'. 

Consider the function 


/(d> cs) = 


d if p accepts d, given choice sequence cs 
J_ if not, or |cs| < time p (d) 


First, show that / is computable by an ordinary deterministic Turing machine. Then 
argue that the result follows from Theorem 5.7.2. □ 


References 

The earliest work on nondeterministic space-bounded computation is by Kuroda from 
1964 [102], soon followed by Hartmanis, Lewis and Stearns [64, 65]. Edmonds explored 
nondeterministic algorithms from a more practical viewpoint [42]. 





23 A Structure for Classifying the 
Complexity of Various Problems 


This chapter introduces a wide-ranging sequence of problem classes, and proves them to 
be a hierarchy. Many familiar and important computational problems can be located 
precisely in this hierarchy, hence the chapter’s title. 

It is not yet known, however, which or how many of the inclusions below are proper 
ones, for instance whether there exists at least one problem solvable in polynomial time by 
a nondeterministic algorithm, but not solvable in polynomial time by any deterministic 
algorithm. 1 The containments we will establish are: 

LOGSPACE C NLOGSPACE C PTIME C NPTIME C PSPACE = NPSPACE 

Computation models henceforth 

We will henceforth refer to LOGSPACE, ptime, etc. without naming the computation 
model involved. When time bounds are being discussed, a one-tape Turing machine 
will generally be used because of its simplicity, and the “work tape” will refer to its only 
tape. When possibly sublinear space bounds are involved, the model will be the read-only 
Turing machine, with a read-only input tape and an additional read-rite work tape. 

Input format 

Turing machine inputs are in principle always strings in E* = {0,1}*. It will sometimes 
be convenient, however, to represent inputs as strings over an alphabet E D {0,1}, e.g., 
with markers or parentheses for the sake of readability. Any Turing machine with such 
an extended input tape alphabet can be simulated by one using oonly the symbols 0,1 
at the cost of a constant slowdown, and multiplication of space usage by a constant. 

23.1 Some convenient normalizations 

In this and following chapters many constructions start with a Turing machine program 
p, deterministic or nodeterministic, that accepts a set A C {0,1}*. These constructions 

1 This is the famous P = NP? b. 
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become technically more convenient if we can assume without loss of generality that 
program p has been normalized so that acceptance of an input only occurs in a fixed 
way, less general than as defined before, and so easier to manage in our constructions. 
This is the content of 

Proposition 23.1.1 For any Turing machine program p there is a program q = Ii... I m 
such that for any d G {0,1}* 

1. p has a computation that accepts d if and only if q has a computation 

Reading d) = (0, cro) (m, a rn ) — > (m, a m ) —> ... 

where the work tape of a m contains _1BB.... 

2. p has a computation that does not accept d if and only if q has a computation 

Reading d) = (0 ,cto) (m — l,<j m _i) —■> (m — l,<r m _i) —> ... 

where the work tape of (J m _i contains OBB.... 

3. In the computations above, q first reaches configurations with label m or m— 1 
after using the same space as p on the same input, and time at most a constant 
factor larger than that used by p on the same input. 

Proof. First, let q be identical to p, but with instructions added at the end of its program 
to “clean up" the work tape by writing blanks over all squares except for the answer (0 
or 1), and then stopping there. Next, add to q the instructions 

m-1: if 0 goto m-1; 
m: if 1 goto m 

at its end, so q loops infinitely at control point m-1 if the answer is 0, else at control 
point m. 

Clearly the cleanup code costs no extra space, and uses time at most the length of 
the nonblank part of p's work tape, which is of course bounded by p’s run time. The 
final code only adds a constant amount to time usage. □ 
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23.2 Program state transition graphs 

Definition 23.2.1 A concrete syntax for graphs. Graph G— (y,E,VQ,v en d) can be rep¬ 
resented by listing its vertices, edges, and source and target as the following string over 
the alphabet £ = {0,1, [,],(,),}, where each vertex v* is represented by i as a binary 
number: 


K, . . •, V r ], [(u, u ), (v, v),..., (w, w')], V 0 , v end 

Definition 23.2.2 We assume given a deterministic or nondeterministic read-only Tur¬ 
ing machine program p with m instructions, normalized as in Proposition 23.1.1; and an 
input d = aia 2 ... a n E {0, l}*. A configuration of p for input d is by definition a tuple 
C = where 

• 1 < ^ < m is a control point in p; 

• W = bxb 2 ■ ■ - h w E {0,1,B}* is the contents of p’s work tape; and 

• i,j are the scan positions on its input and work tapes, respectively, so symbols a* 
and hj are scanned (blank if at one end of either tape). 

The state transition graph G p (d) of p for input d is a directed graph G p (d) = (V, E,uo,u en d) 
with identified initial and final vertices vo,v en di where 

1. Vertex set V = V^(d) equals the set of all of p’s configurations; 

2. Edge set E = E v { d) equals the set of all configuration pairs (G,G') (or more sugges¬ 
tively: G —> C r ) such that program p takes configuration G to C' in one computation 
step; 

3. The initial vertex of G p (d) is vq = (1,0,0, B), so the work tape is empty; and 

4. The final vertex of G p (d) is v en d = (m, 0,0,1), where m is the number of instructions 
in p. 

Definition 23.2.3 Turing machine program p is f-bounded if for every input d and 
every configuration G = (£,i,j,W) reachable from the initial configuration for d satisfies 
0<j</(|dj) + l. 

An /-bounded program p may only enter finitely many different configurations. Since 
the graph vertex set V is a set of configurations, the graph for any program that runs in 
space / is always finite , even though p may have infinitely long computations. 
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Lemma 23.2.4 Suppose A C {0,1}* is accepted in space / by program p, where f(n) > 
logn for all n. Let transition graph G p (d) of p for input d be as above. Then 

• d G A if and only if G p (d) has a path from vo to v en d ; and 

• Any vertex of G p (d) can be represented in 0(/(|d|)) space. 

The first part is immediate. As to the second, in any configuration G = we have 

0 < i < n -\-1 and 0 < j < f(n) + 1. Thus in binary notation, i can be stored in at most 
l + logn = 0{f{n)) bits, and j can be stored in at most log(/(n) + 1) = G(/(n)) bits. 
The number of control points t is independent of n, and |W| < f(n) by definition. 


23.3 Algorithms for graph searching 

The following apparently rather specialized problem will turn out to play a central role 
in establishing several parts of the space-time complexity hierarchy. 

Decision problem GAP (graph accessibility): 


Input: a directed graph G= (V,E,vo,v en d) as in the concrete syntax of Definition 23.2.1. 
Output: true if G has a path vq —»* v en( n else false. 


We present no less than four algorithms for the problem. The first two are nondeter- 
ministic and use logarithmic space: one gives positive answers and the other, negative 
answers. The others are deterministic. The third uses linear time, and linear space 
as well; and the last runs in space 0(log 2 n). Each is expressed by giving an informal 
procedure, after which its time or space usage on a Turing machine is analysed. 

23.3.1 Graph accessibility in nondeterministic logarithmic space 

Theorem 23.3.1 The GAP problem is in the class NLOGSPACE™. 

Proof. Let G = (V, E, vq, v en d) be a graph with designated start and finish vertices vq, v en d 
and vertex set V = {ui,...,u r }. Note that r < size(G). Consider the program sketch 
(assuming graph G is given as read-only data): 
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w := v 0 ; 

while W Vend do 

choose an arbitrary node x with w —» x G E\ 
w : = x 
write true 

This straightforward nondeterministic program just “guesses” a path from i> 0 to v en d- It 
stores at most two vertices at any one time. Given r vertices in V, this alorithm requires 
at most O(logr) bits of storage , which is at most O (log size(G)). □ 

23.3.2 Graph inaccessibility in nondeterministic logarithmic 

space 

Surprisingly, the negation of this problem can also be solved within logarithmic space 
using nondeterminism. 

Theorem 23.3.2 The following set is in the class NLOGSPACE™: 

GAP = { G = (V,E,vo,v en d) | graph G has no path from vertex vq to v en d } 

Proof. Let G be a graph be as above. Let 
rii = #{w | v 0 u} 

be the number of nodes that can be reached from node vo by a path of length at most 
i. We will soon show how each rq can be computed. First, though, we show a nondeter¬ 
ministic algorithm which, assuming n r _i to be given in advance, can answer “Nopath = 
true” iff G G GAP. Consider the program sketch of Figure 23.1. 

Assume that n r _i is given correctly. This program, for every node z, can either ignore 
it, or “guess” that there exists a path from vo to z. The next step is to see whether its 
guess was correct, and to abort if the verification attempt fails 2 . The number Count of 
such verified guesses is counted. If it equals n r _i then every accessible node has been 
examined. 

In this case, the final value of Nopath is true if and only if there exists no path from 
vo to v en d • In all other cases the program fails to terminate, so only correct answers are 
ever produced. 

The algorithm above uses several variables, each of value bounded by either a constant 
or logr, and so runs in logarithmic space (assuming n r _i given in advance). 


2 This can be done by a random walk, exactly as in Section 23.3.1. 
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Nopath := true; (* Attempt to scan all and only the nodes *) 

Count := 0; (* reachable from vo *) 

for z := 1 to r do 

choose (* Guess whether node z is reachable or not *) 

skip (* negative guess *) 

or (* positive guess *) 

if 3 path vo —>*z 

then Count := Count +1; (* One more node reached *) 

if z = v en d then Nopath := false 
else abort; (* e.g. loop infinitely *) 

if Count 7 ^ 7 i( r _i) then abort; 
write Nopath 

Figure 23.1: Nondeterministic graph inaccessibility algorithm. 

What remains is to verify that n r _ i can be computed in logarithmic space; this is 
done by the following algorithm, also nondeterministic. First, note that no = 1 since 
there is exactly one path v Q —>° u 0 of length 0 from v 0 . 

0 

The rest of the algorithm is based on the fact that vo —P u for i > 1 iff for some 
node ic, vq — P~ 1 w and w —» u is a G edge. The algorithm determines for every node 
u whether or not there is an edge from at least one node w with vo — P _1 w. Assuming 
inductively that the count n^_i is known, this can be done as in the algorithm above: 
nondeterministically choose some nodes w with Vq —3~ l w , and use the count n*_i to 
verify that all such nodes have been examined. If so, vq u iff there is an edge w —» u 
where w is one of the nodes that was examined. 

The program of Figure 23.2 embodies these ideas. The algorithm uses several vari¬ 
ables, each either of value bounded by either a constant or logr, and so runs in logarithmic 
space. □ 

23.3.3 Graph accessibility in polynomial time 

Lemma 23.3.3 GAP is in PTIME. 

Proof is omitted; it is just the correctness of the “depth-first search” algorithm of Figure 
23.3. Time analysis, at first abstractly: the loop to initialize Seenbefore takes time 
0(| V\). Procedure Probe can call itself recursively at most r times. No edge is probed 
more than once, so the total time used in Probe is 0(max(| Vj, |Ej)). Combining these, 
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n := 1; i := 0; 

repeat (* Invariant here: n = n^ *) 

i := i + 1; 

n := 0; (* Search for all and only nodes u reachable *) 

for u := 1 to r do (* from vo in <i steps *) 

Counter := n _i; (* Find all nodes reachable in <i steps *) 

Foundu := false; 

for w := 1 to r do (* Examine EVERY node w *) 

choose (* Guess w unreachable in <i steps *) 

skip 

or (* Guess w reachable in <i steps *) 

if 3 path vq-^ <1 'w 

then Counter := Counter-1; (* w reached in <i steps *) 

if w —> u then Foundu := true; (* If reachable *) 

else abort; 
if Counter ^ 0 

then abort (* Missed nodes reachable in <i steps *) 
if Foundu 

then n := n + 1; (* Another u reachable in <i steps *) 

until i = r-1; 

(* End of outermost loop *) 
write n 

Figure 23.2: Nondeterministic algorithm to compute n r . 

the algorithm’s total run time is 0(max(| V|, |.E|)). A Turing machine implementation of 
the algorithm takes time more than linear, but still a low-degree polynomial. 

23.3.4 Graph accessibility in log 2 n space 

Lemma 23.3.4 GAP is in |J fc SPACE™( /c(logn) 2 ). 

Proof. Let G— (V,E,vo,v en d)- Correctness of the following algorithm is based on the 
observation that x —A y iff one of three cases holds: k = 0 and x = y\ or k = 1 and 
(x,y) G E-, or k > 1 and for some z G V, both of x —z and z — y are true. □ 

Algorithm Divide-and-conquer search. 

This algorithm (Figure 23.4) uses recursion to decide whether there exists a path 
from vertex i to vertex j of length at most f. Termination is ensured by dividing f by 
two at each recursive call. Space bound log 2 r is understood to mean (logr) 2 . □ 
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procedure Main: Graph -> Boolean; 
begin 

read V, E, v 0 , v end ; 

forall v in V do Seenbefore[v] := false; 

Probe (vq); 

write Seenbefore[v en rf] ; 
end (* Main program *); 

procedure Probe(v); (* Side effect on Seenbefore *) 

begin 

if not Seenbefore[v] then { 

Seenbefore[v] := true; 

for every edge v -> v' in E do Probe (v ; ) } 

end 

Figure 23.3: Depth-first Graph Search. 


procedure Main: Graph -> Boolean; 
begin 

read V, E, v 0 , v end ; 
r := Number of vertices in V; 
write Path(v 0 , v end , r) ; 
end (* Main program *); 

procedure Path(i,j ,() ; 

begin (* Gives true if 3 path i—»*j no longer than f *) 

if f = 0 then {return truth of J is i = j? J }; 
if f = 1 then {return truth of J is i -> j in E? 5 }; 
for k := 1 to r do { 

(' := t div 2; (* Integer division *) 

if Path(i, k, (!) and Path(k, j, ( — (!) 
then return true }; 
return false 
end 

Figure 23.f: Divide-and-conquer search. 


Space analysis: procedure Path can call itself recursively to a depth of at most O(logr), 
as this is the number of times that r can be halved before reaching 1. The “call stack” 
of traditional implementations thus has at most O(logr) stack frames, each containing 3 
numbers between 0 and r (plus a return address, of constant size). Each number can be 
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represented in O(logr) bits, so the total storage requirement is at most 0(log 2 r) bits. 
This bound is easily achieved on a Turing machine, by storing the call stack on its tape. 

23.3.5 Time and space to generate a state transition graph 

Assume we are given a work space size bound function / : IN —» TV, an /-bounded 
program p with m instructions, and an input d of length n. Let G p (d) = (V,E,Vo,v en d) 
be the state transition graph from Definition 23.2.2. 

Lemma 23.3.5 If / is space constructive and f(n) > log n for all n, then for a fixed 
program p there is a c such that for all d, graph G p (d) can be constructed in time at 

most 1^1). 

Construction 23.3.6 The abstract algorithm of Figure 23.5 will write G p (d). □ 

read d; 

n := length(d); (* Input size *) 
z := f(n); (* Work tape space bound *) 

V := {}; (* No vertices initially *) 

E := {}; (* No edges initially *) 

for £ := 1 to m+1 do (* Compute the set of all vertices *) 

for i := 0 to n+1 do 

for j := 0 to z+1 do 

forall strings w G {0,1,B}* with |w| < z do 

V := V U {(£,i,j, w)}; 
write V; 

forall cl G V do forall c2 G V do (* Compute all edges *) 

if cl —► c2 by program p 
then E := E U {cl—>c2}; 
write E; 

vo := (1,0,0,B); v en d * = (ra, 0,1,1); (* Initial and final *) 
write v 0 , v end ; 

Figure 23.5: Build state transition graph. 

Proof. First, configurations have form G = (T,z,/,W). Since p is /-bounded, their number 
is at most (ra+ l)(n + 2)(/(n) + 2)3^ n ). This is O(gGA) for appropriate g. Since / is 
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space constructible, step z := f (n); in Figure 23.5 can be performed in space f(n) and 
so in time for appropriate h. 

The first nest of four loops takes time proportional to the number of configurations. 
The second nest of two loops takes time at most quadratic in the number of configurations, 
which only serves to increase the base of the exponent. The test “if cl —» c2” can be 
done in time 0(|cl| + |c2|). 

Implementation of this algorithm on a Turing machine is straightforward. The only 
effect of slow access to data stored on its tapes being to increase the value of c. This 
completes the proof. □ 

Lemma 23.3.7 If / is space constructive and f(n) > logn for all n, then for a given 
fixed program p there is a c such that for any d, graph G p (d) can be constructed using 
work space at most c/(|d|). 

Proof. A slight modification of Construction 23.3.6 can be used. One change is that 
instead of storing the vertices and edges of G p (d) in memory, they are written on a 
write-only output tape as they are constructed. Another is to find a way to avoid storing 
all of V. 

First, note that a single configuration G = (T,z, j,w) takes space at most 

o (max (log (to +1), log (n +1), log (/ (n)), f (n)) 

which is of size 0(/(n)) by the assumption that f(n) > logn (recall that m is fixed). 
The first nest of loops require storing values of t 7 , i, j and w, which together occupy the 
space of one configuration. Instead of storing the result, the algorithm is modified to 
write configurations on the output tape as soon as computed. 

The second nest of loops require storing the two configurations cl and c2 at once. 
Listing all values of cl G V can be done by the same four nested loops just mentioned, 
and the values of c2 E V can be generated by four more. Again, edges are written out 
as soon as generated. 

The total storage usage of the algorithm just sketched is clearly 0(/(n)), as required. 

□ 
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23.4 Some inclusions between deterministic and 

nondeterministic classes 

We have now done most of the work needed for the following result, which strengthens 
that of Theorem 21.5.2. 

Theorem 23.4.1 NSPACE(/) C time(G) for some constant c, if / is space constructive 
and f(n) > logn for all n. 

Proof. Given p that runs in space /, Construction 23.3.6 yields its state transition graph 
G p (d) = (V,E,vo,v en( i) in time 0(g^ n " > ) for appropriate g, where n— |d|. We have shown 
that p accepts d if and only if G p (d) has a path from vq to v en d- This can be tested 
by the depth-first graph searching algorithm of Section 23.3 in time polynomial in g^ n \ 
which is again exponential in f(n) (for example (g^ n ^) k = (g k '^ n ^)). □ 

Corollary 23.4.2 NLOGSPACE C PTIME 

Proof. c klogn = n fclogc , so NSPACE (k log n) C TlME(c fclogn ) = TlME(n fclogc ). □ 

Theorem 23.4.3 NSPACE (/) C (J c space(c- (/ 2 )), provided / is space constructible and 
f{n) > logn for all n. 

Proof. Suppose A G NSPACE (/) is accepted by program q. Let program p be as in 
Proposition 23.1.1, and let G p (d) be p’s state transition graph. As observed before, 
d G A iff q accepts d, so d G A iff G p (d) has a path from Vo to v en d . It thus suffices to 
show that the existence of such a path can be tested within space (/(n) 2 ), where n = |d . 

By Lemma 23.3.7 there is a c such that the function g( d) = G p (d) can be constructed 
using work space at most c/(|d|), and graph G p (d) has at most r = nodes. By the 
result of Section 23.3.4, this graph can be tested to see whether a path from Po to v en d 
exists in space 0((logr) 2 ). Finally 

(logr) 2 = (log(c /(n) )) 2 = (/(n)logc) 2 = (log c) 2 /(??) 2 

Consequently the test for existence of a path from vq to v en d can be carried out in space 
at most 0(/(n) 2 ). □ 

Corollary 23.4.4 PSPACE = NPSPACE 

Proof. Left-to-right containment is immediate by definition. The opposite containment 
follows from Theorem 23.4.3, since the square of any polynomial is also a polynomial. □ 
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23.5 An enigmatic hierarchy 

Theorem 23.5.1 logspace C nlogspace C ptime C nptime C pspace = npspace, 

and NLOGSPACE ^ PSPACE. 

Proof. The set inclusions are immediate consequences of the definitions of the various 
complexity classes, plus Theorem 23.4.2 and 23.4.3. Further, Theorem 23.4.3 establishes 

NLOGSPACE C [J SPACE (k log 2 n) 

k> 1 

For any k > 1 we have linin^oo A:log 2 n/n = 0, so by the hierarchy theorem for space 
constructible bounds (Theorem 21.7.2), there exist problems in SPACE(n) but not in 
SPACE(/clog 2 n) for any k, and so a fortiori not in NLOGSPACE. Since n is certainly a 
polynomial, there are problems in PSPACE but not in NLOGSPACE. □ 

An interesting and challenging fact is that, even after many years' research, it is still 
not known which of the inclusions above are proper inclusions. The undoubtedly best- 
known of these several open questions is whether ptime = nptime, also known as the 
P=NP? question. 

Frustratingly, the result that NLOGSPACE Q. PSPACE implies that at least one among 
the inclusions 

LOGSPACE C NLOGSPACE C PTIME C NPTIME C PSPACE 

must be a proper inequality (in fact, one among the last three, since equality of all three 
would violate NLOGSPACE Q. PSPACE); but it is not known which ones are proper. 

The gap in computational resources between, say, LOGSPACE and nptime seems to 
be enormous. On the one hand, nptime allows both polynomially much time, and as 
much space as can be consumed during this time, and as well the ability to guess. On 
the other hand, LOGSPACE allows only deterministic program that move a fixed number 
of pointers about, without changing their data at all. (This claim will be substantiated 
in Section 24.1.) 

Nonetheless, no one has been able either to prove that LOGSPACE = nptime, nor 
to find a problem solvable in the larger class that is provably unsolvable in the smaller. 
Many candidates exist that are plausible in a very strong sense, as will be seen in a later 
chapter on “complete problems,” but the problems of proper inclusion remain open. 

Theorem 23.5.2 If A G NSPACE(/) and f(n) > logn is space-constructible, then A G 
nspace(c • /) for some c > 0, where A is the complement of A. 
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Proof. Suppose nondeterministic Turing machine program p accepts A in space /. Then 
an arbitrary input d is in A iff there is a path in the transition graph G p (d) of p for input 
d from vo to v en d . In other words, d G A iff G p (d) G GAP. But this implies d G A iff 
G p (d) G GAP. 

By Lemma 23.3.7 there is a c such that for all d, graph G p (d) can be constructed using 
work space at most c/(|d|). Combining the construction of G p (d) with the algorithm of 
Theorem 23.3.2, we obtain a nondeterministic algorithm to test membership in A. 

Its space usage is at most log size(G p (d)), and size(G p (d)) is at most b- 1 ^ for some 
b and all inputs d. Consequently the algorithm uses at most log6^^ d ^ = 0(/(|d|)) space, 
as required. □ 

Exercises 

23.1 Estimate the running time of the graph searching algorithm of Lemma 23.3.4. □ 

23.2 Estimate the running time of the state transition graph-searching algorithm of 

Theorem 23.3.2. □ 

23.3 Prove carefully that GAP G NLOGSPACE. □ 

23.4 Estimate the running time of the LOGSPACE algorithm of Theorem 23.3.2 for de¬ 
ciding membership in GAP. □ 
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24 Characterizations of logspace and 
ptime by GOTO Programs 


24.1 Characterizing logspace by cons-free GOTO 

programs 

A tree-manipulating program is read-only if it never constructs new values, but instead 
just scans its input. While limited in their computational power, such programs are 
by no means trivial. For example (if equipped with a write-only output string) the 
“append” function is easy to program, and arithmetic operations are not difficult (see 
the Exercises.) The following defines this and two other restrictions more precisely: 

Definition 24.1.1 The restricted languages below have exactly the same semantics as 
before, except that their sets of programs are limited in various ways. 

1. WHro, GOTOro, and F+ro will henceforth denote the read-only versions of the lan¬ 
guages WHILE, GOTO and F, respectively, meaning: the same programs and seman¬ 
tics, except that programs restricted not to contain cons. An F program will, 
however, be allowed to have any fixed number of variables. 

2. ACM\ C:=C+1 program is a CM program without any operations to increase a counter. 
It is allowed, however, to have instructions Ci := Cj to copy one counter into 
another. 

3. A CK ualue program is a CM program that, if given input of length n, computes so 
that no counter ever exceeds n in value. 

4. An F+-program is tail-recursive if no function call is nested inside another opera¬ 

tion or function call (nesting inside the then or else branch of an if expression 
is allowed, though). F+tr will henceforth denote F restricted to tail-recursive pro¬ 
grams, and F+rotr will henceforth denote F restricted to cons-free tail-recursive 
programs. □ 


First, an easy result: 

Proposition 24.1.2 WHro = hntzrne GOTOro = hntirne F+rotr 
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Proof. WHro = hnUrne GOTOro is immediate from the proof of Theorem 18.3.3, as the 
operation cons was not used in Propositions 8.2.1 or 8.2.2. The point of Exercise 24.1 is 
to prove GOTOro = hntirne F+rotr (straightforward). □ 

Looking ahead, we will eventually prove that, when applied to inputs from {0,1}* 

1. WHro, GOTOro, and F+rotr decide exactly the problems in LOGSPACE. 

2. F+ro decides exactly the problems in PTIME (even though F+ro programs may run 
for exponentially many steps!). 


Read-only tail-recursive programs are just those output by Wadler's treeless trans¬ 


former [172] when applied to (possibly nonlinear) input programs of type {0,1} 


{04}. 


This is interesting since the concept of treelessness was introduced for the “deforestation” 
program optimization without thought of complexity; and the result above characterizes 
the computations performable by programs that can be deforested. 


24.1.1 Some central simulation lemmas 

To establish the first point above, we show that the following all define the same decidable 
problems (on inputs from IDqi for GOTOro programs): 

• Turing machine programs that run in space £dog(|d|) for some k. 

• Read-only counter programs in which each counter is bounded in value by |d|, or a 
polynomial in |d|, or even restricted so that no counter may be incremented. 

• GOTOro programs. 

• Frotr programs. 

Proofs are by a series of lemmas progressing from GOTOro programs to the logspace 
counter-length bounded machines of Corollary 21.3.1. 

Lemma 24.1.3 A C {0,1}* is decidable by a CM\ G:=c+1 program iff A is decidable by a 
GOTOro program. 

Lemma 24.1.4 If A C {0,1}* is decidable by a Q\y ualue f n ) program then A is decidable 
by a CM\ G:=c+1 program. 

Lemma 24.1.5 If A C {0,1}* is decidable by a CM /o ^ space program then A is decidable 
by a CM value ( n ' ) program. 
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Together these lemmas imply the following: 

Corollary 24.1.6 A C {0,1}* is decidable by a CM /o ^ space program iff A is decidable by 
a CM\ G:=c+1 program. 

Proof. Corollary 24.1.6: “If” is immediate since CM\ C: = C+1 C CK value ^ C CM l °9 space . 
“Only if” follows from from Lemmas 24.1.5 and 24.1.4. □ 

Theorem 24.1.7 4C{0,1}* is in LOGSPACE™ iff A is decidable by a GOTOro program 
iff A is decidable by a F + rotr program. □ 

The theorem is immediate from Corollary 21.3.1, Corollary 24.1.6, and Proposition 24.1.2. 

24.1.2 Constructions to prove the simulation lemmas 

We must now prove the three Lemmas. The following is an easy result on very limited 
counter machines: 

Proof. Lemma 24.1.3: we must show that any CM^ C:=C+1 program p is equivalent to some 
GOTOro program program, and conversely. Input to a CM-program is a string aia 2 -..a n , 
corresponding to input list 

(a n a n -i...afc...ai) G Doi 

(using Lisp list notation) for a GOTOro-program. Each a* is nil or (nil.nil). 

Suppose we are given a CM^ C:=C+1 program p. Its counters Ci can only assume values 
between 0 and n. Thus any Ci with value k can be represented by a GOTOro program 
variable Xi which points to sublist (afc...ai) (and to the nil at the end of the input list, 
in case k = 0). 

Counter command Ci := Cj can obviously be simulated by Xi := Xj. Command 
Ci := Ci-1 can be simulated by Xi := tl Xi (recall that £/(nil) = nil). Command if 
Ci = 0 goto £ else £' can be simulated by if Xi goto £' else £ (the test is reversed 
since counter value 0 corresponds to the end of the list, which has list value nil = false). 
Command if in Ci = 0 goto £ else £' can be simulated by if hd Xi goto £' else £ 
(the test is again reversed since symbol 0 is coded as nil = false). 

Conversely, suppose that we are given a GOTOro-program p and the input list 
(a n a n _i...afc...a ;L ) G Don We assume n > 0; a special case can be added to give the 
correct answer if n = 0. 
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The variables X of p can only point to: one of three things: 1) a position (a^...a/c...ai) 
within the list with i > 1; or 2) the root of (nil.nil), encoding some a* = 1; or 3) the 
atom nil. 

Thus variable X may be represented by two counter variables XI, X2. In case 1) XI 
has i > 1 as value. In case 2) XI has value 0 and X2 has value n. In case 3) both variables 
have value 0. 

Counter code to maintain these representation invariants is straighforward to con¬ 
struct, by enumerating the possible forms of GOTOro commands. □ 


Proof. Lemma 24.1.4: we must show that any cw value O program p is equivalent to some 
program q without C := C+l. All counters are by assumption bounded by n, so we need 
not account for “overflow." Recall that counter CO is initialized to the length n of the 
input. 

We can simulate C := C+l (without addition!) by using an auxiliary variable Tern 
and exploiting the instruction Tem := CO which assigns input length n to Tem. Let the 
initial value of C be i. 

The following works in two phases: first, variable Tem is initialized to n, and then 
C and Tem are synchronously decremented by 1 until C = 0. Thus Tem ends at n — i, at 
which point it is decremented once again, to n — i — 1. For the second pass C is reset 
to n, and Tem and C are again synchronously counted down until Tem = 0. Once this 
happens, C is i + 1 = n — (n — i — 1), as required. Note that if C = n, the effect is to leave 
C unchanged. 


Tem := CO; 
while C / 0 do 

{C := C—1; Tem := Tem-l}; 
Tem := Tem - 1; 

C := CO; 

while Tem ^ 0 do 

{C := C - 1; Tem := Tem - 


(* Tem := n *) 

(* Tem := n — i and C := 0 *) 

(* Tem : = n — i—1 *) 

(* C := n *) 

(* C := z + 1 by decreasing Tem to 0 *) 

i}; 

□ 


Proof. Corollary 24.1.5: We must show that any CM l ° 9Space program p is equivalent to 
some £}i[ value ( n ) program q. We do this in two stages. 


Representation of an n 2 -bounded CM counter by a fixed number of 2n-bounded 
counters. Consider the traditional enumeration of pairs of natural numbers: 


{(0,0),(0,1),(1,0),(2,0),(1,1),(0,2),(0,3),...} 
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as described in Appendix A.7. We represent any one counter Cz with value z by two 
counters Cx, Cy with values x,y such that z is the position of the pair (x,y) in this 
enumeration. Note that 

z = {x + y)(x + y + l)/2 + y = [x 2 + 2xy + y 2 + x + 3?/)/2 

so 0 < x 2 ,y 2 < 2 z. Thus x,y < 2n if z <n 2 . 

Each CM operation on Cz is simulable by operation on Cx, Cy as in Figure 24.1. For 
example, Cz: =Cz+l involves moving Northwest one position along a diagonal unless x = 0, 
in which case one moves to the start of the next diagonal. 

We showed earlier that without loss of generality one may assume that test if In c = 0 
goto £ else £' is only performed when the value i of C satifies i<n. This is harder, as it 
involves reconstructing i from the representation Cx, Cy of C. First, Cx and Cy are copied 
into Dx, Dy, giving representation of a variable we could call D. By manipulating Dx and 
Dy the loop decrements D until it reaches 0 or n decrements have occurred, meanwhile 
counting variable R up by 1 at each iteration. The net result is to set R to i = min(z,n), 
and that input position is then tested. 

This reduces the counter bound from n 2 to 2n; the technique below can be used to 
reduce this further to n. □ 

The development above supports the intuition that LOGSPACE is precisely the class of all 
problems solvable by read-only programs, which may move any fixed number of markers 
around their input, but cannot use any other form of storage. The characterization by 
GOTO programs is particularly elegant, although one has a suspicion that such programs 
will take extra time due to the complexity of “backing up” to inspect an already-seen 
input. 

Representation of one 2n-bounded CM counter C by several n-bounded coun¬ 
ters. We represent C containing x by counters Under and Over, where Under contains 
min (x,n), and Over contains 0 if x < n and x — n otherwise. Each CM operation on C is 
simulable as in Figure 24.2. Variable N is counter CO, initialized to the input length n 
(again assumed to be posititve). 

24.1.3 Relation to functional and Wadler’s treeless programs 

Wadler’s “treeless transformer,” when applied to any of a quite useful class of first- 
order programs, will automatically yield a linear-time equivalent program which builds 
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operation on C 

Simulation on Cl, C2 

Cz := Cz+1 

if Cx ^ 0 then {Cx := Cx-1; Cy := Cy+l} 
else {Cx := Cy+l; Cy := 0} 

Cz := Cz-1 

if Cy 7 ^ 0 then {Cx := Cx+1; Cy := Cy-l} 
else {Cy := Cx-1; Cx := 0} 

if Cz 7 ^ 0 goto f 

if Cl / 0 or C2 / 0 then goto l 

if In c 7 ^ 0 goto t 

R := 0; S := CO; Dx := Cx; Dy := Cy; 
while S / 0 and not(Czl = Cz2 = 0) do 
{R := R+l; Code for D := D-l} 
if In R 7 ^ 0 goto £ 


Figure 2^.1: Simulating an n 2 -bounded counter by two 2n-bounded counters. 


Operation on C 

Simulation 

C := C+l 

if Under = n 

then Over : 0ver+l else Under : Under+1 

C := C-l 

if Over 0 

then Under : Under 1 else Over : Over 1 

if c 7 o goto e 

if Over 7^ 0 or Under 7^ 0 then goto £ 

if In c 7^ 0 goto £ 

if Inunder ^ 0 goto £ 


Figure 24-2: Simulating a 2n-bounded counter by n-bounded counters. 

no intermediate tree structures [172]. Here cons operations may appear (and other 
constructors too, henceforth ignored); but their only function is to construct output 
values, not to produce data in one program part that will be consumed in another (the 
functional world's equivalent of “storage”). 

Relaxing Wadler’s requirement that right sides must be linear (not contain two refer¬ 
ences to the same variable), we obtain a language identical to F+rotr. Consider a treeless 
program that yields only constant values as output. Even though it may use cons in¬ 
ternally, the program output by his transformation then contains no “cons” operations 
at all. Again relaxing the linearity requirement on right sides, we obtain a language 
essentially identical with F+rotr. 


Theorem 24.1.8 Without the right side linearity requirement, treeless programs with 
input in {0,1}* and output in {0,1} decide exactly the problems in LOGSPACE. 
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24.2 Characterizing ptime by cons-free programs 

with recursion 

We now prove that ptime is identical to the set of problems solvable by cons-free pro¬ 
grams with recursion. This is analogous to the intrinsic characterization of LOGSPACE, 
without reference to time or storage bounds. 

24.2.1 The recursive extension of a programming language 

Definition 24.2.1 Suppose L is a programming language in which each program has 
form 

1:11 2:12 ... k:Ik 

The recursive extension L +rec is defined so L +rec -programs consists of all programs with 
syntax as in Figure 24.3. where each instruction In, Jn or Kn can be either: 

• “call Pr” where 1 < r < m; or 

• Any L-instruction (unlimited, except that in each procedure Pi, any referenced 
variable X must satisfy X G {Ul,... ,Uu,Pil,Pi2,.. .}, i.e. it must be either local or 
global). 

Semantics is what you expect and so only briefly described. A total state is a sequence 
(10, do, If • • • ,ln,(j n ,exit). 

Storage : a n contains the global variable bindings, contains the variable bindings of 
the most recently called procedure, and a i,..., cr n -i contain bindings of earlier procedures 
that have been called but not yet returned from. Variable fetches and assignments are 
done using only cr n and 

Control : 10 is the current control point, 11 ,... ,ln are return addresses, and exit 
indicates program termination. The initial state is (1,[U1 i—> input), exit). Instruction 
“l:call Pi” causes 10, (To to be replaced by 

15 &new •) 10 +1, (Jo 

Here 1 is the new procedure’s initial control point, and a new assigns default values to 
all of Pi’s local variables. Thus label 10+1 plays the role of “return address” (or exit 
for the initial call.) When a procedure’s last instruction has been executed, the leftmost 
label and store 10 , (Jq are popped off, and control is transferred to the instruction whose 
label is on the stack top. 
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globalvariables Ul,...,Uu; 

procedure PI; localvariables Pll,...,Plv; 

1:11 2:12 ... i:Ii 

procedure P2; localvariables P21,...,P2w; 

1 :J1 2:J2 ... j:Jj 

procedure Pm; localvariables Pml,...,Pmx; 

1:K1 2:K2 ... k:Kk 

read Ul; 1:call PI; 2: write Ul 

Figure 24-3: Recursive program syntax. 

24.2.2 Simulating ptime without cons 

As a first step we use the flow chart implementation of GOTO using arrays, as in Section 

17.2 of Chapter 17. An example appears in Figure 17.5. 

Lemma 24.2.2 Given a GOTO-program p = 1 :Ii 2:12 . . .m:I m and an input d G IDoi- 
Let (£i,cri) —> ••• be the (finite or infinite) computation of p on d, where 

£i = l and <j 1 is the initial DAG for input d. Then for any t > 0 and variable X the 
equations in Figure 24.4 hold. 

Proof. A simple induction on £, using the definitions from Figure 17.4. □ 

Theorem 24.2.3 If V C IDqi is decidable by a (recursive or nonrecursive) WHILE- 
program p in polynomial time, then V is decidable by a CM /o ^ space+rec -program. 

Proof. Suppose one is given a WHILE-program p that runs in time f(n) where / is a 
polynomial, and an input d. The various functions Instr^Hd^Tl^X* are computable by 
mutual recursion, at least down to t = n + 3 (the time used to build the initial DAG as in 
Section 17.2.2). Further, the values of Hd^Tl* for t = 0,1,... ,n + 2 are determined solely 
by the program input d, and easily computed. 

Regard each equation in Figure 24.4 as a definition of a function of one variable t. 
This is always an integer, between 0 and f(n) + n + 3 where n = |d|. 

The calls all terminate, since in each call the value of argument t decreases. Now t 
is bounded by the running time, which is a polynomial in the size of d, hence p can be 
simulated by a recursive counter machine with polynomial size bounds on its counters. 
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Instr 


t+i 


1': ly 
1': ly 
1": I y, 

1+1: Ii+i 


if Instr* 
if Instr* 
if Instr* 
otherwise 


goto 1* 

if X goto 1 J else 
if X goto 1* else 


l" and X* ^ 0 
l" and X t = 0 


Hd t+ i 


Tlt+i 


t+i 


Y t 

if Instr* ; 

0 

otherwise 

It 

if Instr* = 

0 

otherwise 

Y t 

if Instr* = 

Hd (Y t ) 

if Instr* = 

-to 

1 —1 
H 

if Instr* = 

t + 1 

if Instr* = 

x t 

otherwise 


1 : 


1: 


= cons Y Z 


= cons Y Z 


= hd Y 
= tl Y 
= cons Y Z 


Figure 24-4 : Relations among the values of Hd, Tl, X in general 


The value of output variable X is thus available, e.g. to a “print” function, through 

X /(n)+n+3- D 

Corollary 24.2.4 If A is decidable in polynomial time, then it is decidable by an F+ro 
program. 

Proof. By the means seen seen earlier in Section 24.1, the CM Zo ^ space+rec -program can 
be simulated by a |d|-bounded counter machine with recursion (the addition of recursion 
requires no changes to the constructions), and this in turn can be simulated by a cons-free 
F+-program. □ 

Remark. Time analysis of this procedure reveals that it takes exponential time, due 
to recomputing values many times (for example, Instr* is recomputed again and again). 
Thus even though a polynomial-time problem is being solved, the solver is running in 
superpolynomial time. Fortunately, the following result gives a converse. 

Theorem 24.2.5 If V C Dqi is decidable by an F+ro program, then V is decidable in 
polynomial time. 
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Proof. (Sketch.) This is done by tabulation. Suppose we are given an F+ro program p, 
and an input do = (a x ... a n ) G D. 

The idea is to collect a set MFG 1 of triples of forms (f,cr,«) or (f,cr,d), where f is 
the name of a function defined in p, cr is a tuple of arguments to f, and d G ID. These 
signify the following. 

1. (f , cr, •) G MFG : function f appearing in program p has been called, with argument 
tuple a. Computation of the value of f (cr) is not yet finished. 

2. (f ,cr,d) G MFG : function f appearing in program p has been called, with argument 
tuple a , and the value f (cr) = d has been computed. 

Since p is cons-free, the value that a assigns to any variable X must be a pointer to some 
part of do- There are at most n of these, and so there exist at most 2m-n fc+1 possible 
triples in MFG , where m is the number of functions defined in p. 

The simulation algorithm: 

1. MFG := {(f 1, [XI i—> (do)],*)}, where the first function in p is f 1 and has argument 
XI. 

2. Repeat steps 3 through 9 until MFG cannot be changed. 

3. Pick a triple (f ,cr,«) G MFG , and find the definition f (XI, . . . ,Xn) = Exp in pro¬ 
gram p. 

4. Attempt to evaluate Exp with XI, . . . ,Xn bound to the values in a. 

5. If the value of a call g(Expl, . . . ,Expm) is needed in order to evaluate Exp, try to 
evaluate the arguments Expl, . . . ,Expm to yield a tuple a'. 

6. If argument evaluation fails, then abandon the current attempt to evaluate Exp. 

7. If argument evaluation succeeds and MFG contains a triple (g, cr', d'), then continue 
to evaluate Exp with d' as the value of the call g(Expl, . . . ,Expm). 

8. If argument evaluation succeeds but MFG contains no triple (g,cr',d') with d' G D, 
then perform MFG := MFGU {(g, </,•)}, and abandon the current attempt to 
evaluate Exp. 

9. If evaluation of Exp with XI, . . . ,Xn bound to the values in a succeeds with result 
value d, then replace (f,cr,•) G MFG by (f,cr,d) G MFG. 

10. If (f, [XI i * (do)],d) G MFG, then ][p]](d 0 ) = d, else [[p]](d 0 ) = _L. 


1 MFG stands for “minimal function graph.” as in [83]. 
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MFG is used for two purposes while simulating program p. The first is as an “oracle,” 
from which to fetch values of already computed function applications, rather than re¬ 
computing them. The second is as a “repository” in which the triple (f,cr,d) is placed 
every time a new fact f (cr) = d has been established. If this happens, the triple (f ,cr,«) 
(which must already be in MFG) is replaced by the new (f,<j,d). 

This process is repeated until MFG cannot be increased. If one ever adds a triple 
(f 1 , [XI i-* do], d), then we know that [[p](cLo) = d, and the computation stops. The entire 
algorithm can be made terminating, since there exists only a polynomially bounded 
number of possible triples to put in MFG. 

Interestingly, the same technique also works if p is nondeterministic, and the method 
applies as well if the functions are replaced by relations. □ 


Further developments. Cook [30] proved similar results in the framework of “auxil¬ 
iary push-down automata.” Further developments involving efficient memoization led to 
the result that any 2DPDA ( two-way deterministic pushdown automaton ) can be simu¬ 
lated in linear time on a RAM ([27, 76, 6]). This in turn led to efficient pattern-matching 
algorithms, in particular the Knuth-Morris-Pratt string matcher - an interesting case 
where investigations in “pure theory” led to a practically significant algorithm. 


An interesting open problem. The results above can be interpreted as saying that, 
in the absence of “cons,” functional programs are capable of simulating imperative ones; 
but at a formidable cost in computing time, since results computed earlier cannot be 
stored but must be recomputed. In essence, the “heap” can be replaced by the “stack,” 
but at a high time cost. 

It is not known, however, whether this cost is necessary. Proving that it is necessary 
(as seems likely) would require proving that there exist problems which can be solved in 
small time with general storage, but which require large time when computed functionally. 
A simple but typical example would be to establish a nonlinear lower bound on the 
time that a one-tape, no-memory two-way pushdown automaton [30] requires to solve 
some decision problem. One instance would be to prove that string matching must take 
superlinear time. We conjecture that such results can be obtained. 
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Exercises 

24.1 Prove the missing part of Theorem 24.1.2. (Note that two inclusions need to be 

established.) □ 

24.2 Prove that it is possible to construct from any GOTOro program an equivalent WHro 

program, and vice versa. (You may appeal to constructions seen earlier.) □ 

24.3 Prove that it is possible to construct from any GOTO program an equivalent Fro 

program. □ 

24.4 Try to show how to construct from any Fro program an equivalent GOTOro or WHro 

program. Reflect on the results of your attempt. □ 

24.5 Assume that WHro programs are allowed a command “write X” whose effect is to 
extend a write-only output string by 0 in case the value of X is nil, and to extend it by 
1 otherwise. The output string is initially empty. 

Denote by x the binary representation of number x, as a list of bits written in reverse 
order, i.e. least significant bit first. Write a WHro program which, when given input 
(x y ), will write out x + y. □ 

24.6 Assume WHro programs have outputs as described in the previous exercise. Write 

a WHro program which, when given input (aia 2 ... a n ) where each a i G {0,1}, will write 
out its reversal (a n a n _i... ai). □ 


References 

Both of the main results of this chapter have been seen before in other forms. 

It has long been a “folklore theorem” that LOGSPACE consists of exactly to the sets 
decidable by a multihead, two-way read-only Turing machine. The result of Theorem 
24.1.7 implies this, since such a Turing machine is essentially identical to a cy[ value ( n ) 
program. Our result is a bit stronger since Theorem 24.1.7 can be read as saying that 
the Turing machine could be restricted only to move its heads right, or to reset them 
back to the start of the input tape. 

More than 25 years ago Cook [27] used a somewhat different framework, “auxiliary 
push-down automata,” to characterize ptime. In essence this is very close to our proof 
that PTIME equals the sets decidable by Frotr-programs, the main difference being that 
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our recursive programs have an implicit call stack in place of Cook’s nonrecursive au¬ 
tomata with an explicit single stack. 

In comparison to these classical results, our program-oriented version seems more 
natural from a programming viewpoint (both appear in [88], which sums up the results 
of this chapter). In particular, the results are still of considerable interest as regards 
relationships between time and space, or the power of “cons” in a functional language. 





Part V 


Complete Problems 




25 Completeness and Reduction of One 
Problem to Another 


An old slogan: “If you can't solve problems, then at least you can classify them.” 

25.1 Introduction 

The unsolved problems of Theorem 23.5.1 concerning proper containments within 

LOGSPACE C NLOGSPACE C PTIME C NPTIME C PSPACE = NPSPACE 

are apparently quite difficult, since they have remained open since the 1970s in spite of 
many reseachers’ best efforts to solve them. This has led to an alternative approach: to 
define complexity comparison relations < between decision problems (different relations 
will be appropriate for different complexity classes). 

The statement A < B can be interpreted as “problem A is no more difficult to solve 
than problem B ,” or even better: “given a good way to solve B , a good way to solve A 
can be found.” Further, we can use this idea to break a problem class such as NPTIME 
into equivalence subclasses by defining A and B to be of equivalent complexity if A < B 
and B < A. 

Complexity comparison is almost always via reduction of one problem to another: 
A < B means that one can efficiently transform an algorithm that solves B within given 
resource bounds into an algorithm that solves A within similar resource bounds 1 2 . Two 
interesting facts lie at the core of modern complexity theory, and will be proven in the 
following chapters: 

1. Each of the several complexity classes C already studied possesses complete prob¬ 
lems. Such a problem (call it H ) lies in class C, and is “hardest” for it in the sense 
that A < H for each problem A in C. Class C may have many hardest problems. 

2. A complete problem H for class V has the property that if H G C for a lower class 
C in the hierarchy of Theorem 23.5.1, then C = V: the two classes are identical. 
Informally said, the hierarchy collapses at that point. 

1 Examples have already been seen in Chapter 10 including Definition 10.1.1. There several problems 
were proven undecidable by reducing the halting problem to them. Intuitively: if HALT is thought of 
as having infinite complexity, proving HALT < B shows that B also has infinite complexity. 
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3. Even more interesting: Many natural and practically motivated problems have been 
proven to be complete for one or another complexity class C. 

25.1.1 Forms of reduction 

The idea of reduction of one problem to another has been studied for many years, for 
example quite early in Mathematical Logic as a tool for comparing the complexity of 
two different unsolvable problems or undecidable sets. Many ways have been devised to 
reduce one problem to another since Emil Post’s pathbreaking work in 1944 [143]. 

A reduction A< B where (say) A,B CD can be defined in several ways. First, the 
reduction may be many-one : one shows that A < B by exhibiting a total computable 
function such that for any d G ID we have d G A if and only if /(d) G B. Clearly, an 
algorithm for deciding membership in B can be used to decide membership in A. (A 
concrete example will be given shortly.) A stronger version is one-one, in which / is 
required to be injective. 

An alternative is truth-table reducibility , where one answers a question xg 4? by 
asking several questions y\ G B,...,yk G B1 , and then combining the truth values of 
their answers in some preassigned way. Yet another variant is Turing reducibility , where 
question xGi? gives rise to a dialogue: a whole series of questions about membership 
in B. The first question depends only on x. The second question (if any) can depend 
both on x and the response (positive or negative) to the first question; and so forth. The 
chief requirement on such a reduction is that the series is required to terminate for every 
x and answer sequence. 

If computability is being studied, the only essential requirement is that the reduction 
be effective. Complexity classifications are naturally involve bounds on the complexity 
of the questions that can be asked, for example of the function f used for many-one 
reducibility. In order to study, say, the class nptime using many-one reducibility, it is 
natural to limit one’s self to questions that can be computed by deterministic algorithms 
in time polynomial in \x . 

25.1.2 Three example problems 

Appendix Section A.l describes graphs, and boolean expressions and their evaluation. 
We use the term CNF to stand for conjunctive normal form. 


Definition 25.1.1 
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1. A /c-clique in undirected graph G is a set of k vertices such that G has an edge 
between every pair in the set. Figure 25.1 shows a graph G containing two 3-cliques: 
one with vertices 1, 2, 5 and another with vertices 1, 4, 5. 

2. A boolean expression T is said to be closed if it has no variables. If closed, T can 
be evaluated by the familiar rules such as true A false = false. 

3. A truth assignment for T is a function 0 mapping variables to truth values such 
that 9{IF) is a closed boolean expression. T is satisfiable if it evaluates to true for 
some truth assignment 9. 

4. By definition 

SAT = {T | T is a satisfiable boolean CNF expression} 

For an example of the satisfiability problem, the CNF expression 
{A V -iS) A {B V C) A (iA V -C) 

is satisfied by truth assignment 9 = [A f—» false, B i—>• false, C f—> true]. □ 

Three combinatorial decision problems. Following are three typical and interest¬ 
ing problems which will serve to illustrate several points. In particular, each will be seen 
to be complete, i.e. hardest, problems among all those solvable in a nondeterministic 
time or space class. The problems: 


GAP 

“ { (G, Vo, V en d') 

directed graph G — (V,E) has a path 



from vertex vq to v en d } 

CLIQUE = 

= {( G,k ) 

undirected graph G has a /c-clique } 

SAT 

= {T 

T is a satisfiable boolean CNF expression } 


25.1.3 Complete problems by reduction to programs with only 

boolean variables 

In this and the following chapters, we prove problems complete for various classes using 
a novel approach. Supose we are given a decision problem H that we wish to show 
complete for complexity class C. The most intricate part is usually to show that H is 
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Figure 25.1: An undirected graph, and its incidence matrix. 


“hard” for C: to show that A< H for any arbitrary problem A G C, using an appropriate 
reduction notion < for classifying problems 2 in C. 

To say we are given an arbitrary problem A £ C usually means we are given an L- 
program p (for some language L) that decides membership in A within the time, space, or 
other resource bounds defining problem class C. Reduction usually establishes hardness 
by showing how, given a resource-bounded program p G L -prog that solves A, to construct 
a reduction function f. 

Such a function maps problems in C into problems in C, and has the property that 
for any input d G L -data, the answer to the question “does p accept d?” is “yes” if and 
only if /(d) G H. Our approach usually proves a problem H hard for C in two steps: 

1. Reduce the question “is d G A” to a question involving a very simple class SBV of 
programs involving only boolean variables. 

2. Then we further reduce the question about programs in SBV to a question involv¬ 
ing problem H. Typically H is a simple mathematical, logical, or combinatorial 
problem defined without any reference to programs at all. 


25.2 Invariance of problem representations 

Before comparing problem complexities, we have to address a question: can the way a 
problem is presented significantly affect the complexity of its solution? For one example, 
a number n can be presented either in binary notation, or in the much longer unary 
notation, such as the list form nil n used before. Another example is that a directed or 

2 Showing that H G C is usually much more straightforward. 
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undirected graph G = (V,E) with V = {ui,U 2 ,. ..,v n } can be presented in any of several 
forms: 

1. An n by n incidence matrix M with Mij equal to 1 if ( v^Vj) G E and 0 otherwise. 
Figure 25.1 contains an example. 

2. An adjacency list ...) for each v G V, containing all vertices u for which 

(v,u) G E. An example is 

[1 1 —> (2,4,5),2 1 —> (1,3,5),3 1 —> (2,4),41—> (1,3,5),5 1 —> (1,2,4)]. 

3. A list of all the vertices v G V and edges (vi,Vj) G E, in some order. Example: 

[1,2,3,4,5], [(1,2),(2,3),(3,4),(4,5),(5,1),(1,4),(2,5)]; or 

4. In a compressed format, in case the graph is known to be sparse, i.e. have few edges 
between vertices. 

Loosely speaking, unary notation for numbers seems unnatural given that we measure 
complexity as a function of input length, since unary notation is exponentially more 
space-consuming than binary notation. 

There are also differences in the graph representations, though less dramatic. For 
example, the incidence matrix is guaranteed to use n 2 bits, but a sparse matrix could be 
stored in much less space; and even the apparently economical adjacency list form is less 
than optimal for dense graphs, as adjacency lists can take as many as 0(n 2 logn) bits, 
assuming vertex indices to be given in binary. 

Problem equivalence modulo encodings 

One may circumvent many of these problems by considering problems “modulo encod¬ 
ings,” i.e. to consider two problem representations PI and P2 to be equivalent if there 
exist computable functions to convert instances of PI problems into instances of P2 
problems with corresponding solutions, and vice versa. Ideally such conversion functions 
should be simple, and efficiently computable, so a good solution immediately gives rise 
to a good solution to P2 and vice versa. 

It is not known whether the CLIQUE problem is in ptime or not — all known 
algorithms take exponential time in the worst case. However a little thought shows that 
the choice of representation will not affect its status, since one can convert back and forth 
among the representations above in polynomial time; so existence of a polynomial time 
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CLIQUE algorithm for one representation would immediately imply the same for any of 
the other representations. 

From this viewpoint the most “sensible” problem representations are all equivalent, at 
least up to polynomial-time computable changes in representation. The question of rep¬ 
resentation becomes trickier when one moves to lower complexity classes, and especially 
so for linear time computation. 

Recent work by Paige on the “reading problem” [137] shows that data formed from 
finite sets by forming tuples, sets, relations, and multisets can be put into a canonical and 
easily manipulable storage form in linear time on an SRAM 3 . This ensures the independence 
of many standard combinatorial algorithms from the exact form of problem presentation. 


25.3 Reduction for complexity comparisons 


Reducing SAT to CLIQUE in polynomial time 


Many superficially quite different problems turn out to be “sisters under the skin,” in the 
sense that each can be efficiently reduced to the other. We show by informal example that 
SAT < CLIQUE. This means that there is a polynomial time computable function / 

ptime 


which, when given any CNF boolean expression T, will yield a pair f{T) — (G, &) such 
that graph G has a /c-clique if and only if T is a satisfiable expression. 

This implies that CLIQUE is at least as hard to solve as SAT in polynomial time: 
given a polynomial time algorithm p to solve CLIQUE, one could answer the question 
“is T satisfiable?” by first computing f[T) and then running p on the result. 


Construction 25.3.1 Given a conjunctive normal form boolean expression T — C\ A 
... A G/c, construct a graph f{fF) = (G, k) where graph G = (U, E) and 

1 . V = the set of occurrences of literals in T 

2. E = {(a,b) | a and b are not in the same conjunct of T, and neither is the negation 
of the other} 

For an instance, the expression 

(A V - B ) A(5VG)A (-.A V -.G) 

3 The term “pointer machine” is sometimes used but imprecise, as argued in [10]. By most definitions, 
the programs obtained by compiling GOTO programs into SRAM code are all pointer programs. 
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Figure 25.2: The graph f((AW -*B) A {B V C) A (pAV-iC)). 


would give graph f{F) as in Figure 25.2. The expression T is satisfied by truth assign¬ 
ment [A > false, B f—> false, C » true], which corresponds to the 3-clique {~^A,~^B,C}. 
More generally, if T has n conjuncts, there will be one n-clique in f(J~) for every truth 
assignment that satisfies T, and these will be the only n-cliques in f{fF). 

It is also possible to show that CLIQUE < SAT, but by a less straightforward 

ptime 

construction. We now proceed to define these concepts more formally. 


25.3.1 A general definition of problem reduction 

Recall that a problem is identified with deciding membership in a set of strings A CF 
where E = {0,1}. 

Definition 25.3.2 Let < be a binary relation between decision problems over E = {0, 1}. 
Let C,V C?(F) be two sets of problems 1 2 3 4 with C CP. Relation < is called a C, V- 
classifier if for all A,B,C C E* 

1 . A < A Reduction is reflexive 

2. A < B and B < C implies A < C Reduction is transitive 

3. A < B and B E C implies AeC C is downwards closed under reduction 

4. A < B and B G V implies AeV V is downwards closed under reduction 
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Figure 25.3: A complete problem H for V. 


Definition 25.3.3 Given a C, P-classifier < and sets A : B,H C H* 

• A, B are <-equivalent if A < B and B < A. 

• H is <-hard for V if A < H for all A^V. 

• H is <-complete for V if H G P, and H is <-hard for V. 

Figure 25.3 illustrates the idea that problem H is complete; it lies within set P, and 
every problem in V or its subset C is reducible to H. The following shows the utility of 
these ideas: if a problem complete for a larger class is contained in a smaller class (with 
an appropriate reduction), then the two classes are identical. 

Proposition 25.3.4 If < is a C, P-classifier, and C CD, and H is <-complete for P, 
then H G C if and only if C = V. 

Proof. “If” is trivial. For “only if,” suppose H G C, and let A G V be arbitrary. By 

completeness A < H , and by the definition of a classifier, A G C. Thus DC C and so 

V = C. □ 

Proposition 25.3.5 If A is <-complete for X>, and A < B for some DcD, then B is 
also complete for V. 

Proof. Let DcDbe arbitrary. By completeness of A, D < A. D < A and A< B implies 
D < B by transitivity of <. Thus B is P-hard, so B G V implies it is P-complete. □ 
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Many-one reductions 

A common classification technique is by so-called many-one reduction functions. A func¬ 
tion / that reduces A to B has the property that x E A iff f(x) E B for all x. Thus 
the question “is x G AT can be answered by first computing f(x), and then asking “is 
f(x) G BT Provided / is essentially simpler to compute than the problem of deciding 
membership in A , this shows a way that answering one problem can help to answer 
another. 

Definition 25.3.6 Given a class Fns of total functions / : £* —» £*, define 
A < B if and only if 3f G Fns(Vx G E* . x G A if and only if f(x) G B) 

Fns 

The general idea is that Fns is a class of “easy” reduction functions , that can be used to 
classify complex problems by reducing one to another. An example would be the function 
/ used to reduce SAT to CLIQUE in the example seen earlier. 

Lemma 25.3.7 < is a C, 'D-classifier, provided 

Fns 

1. Class Fns contains the identity function id : E* —» £*, 

2. Fns is closed under composition (so f,g G Fns implies fogE Fns), 

3. / : E* —> E* G Fns and B EC implies {x \ f(x) G B} G C, and 

4. / : E* —>• E* G Fns and B EV implies {x | f(x) E B} EV. 

Proof. Condition 1 implies A < A for any A. If A < B by function / in Fns and B < C 

Fns Fns Fns 

by function g in Fns, then A < C by function go f in Fns, by Condition 2. Finally, by 

Fns 

Conditions 3 and 4 A< B,B E C imply AeC , and A < B,B EV imply AeV. □ 

Definition 25.3.8 Some special cases of many-one classifiers: 

< : Fns = {total recursive functions /:£*—>!]*} 

rec 

< : Fns = {polynomial time computable functions /:£*—>£*} 

ptime 

< : Fns = {logarithmic space computable functions / : £* —> £*} 

logs 

Theorem 25.3.9 Consider the list of problem classes LOGSPACE, NLOGSPACE, ptime, 
NPTIME, PSPACE, REC, RE. 
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1. < is a REC, RE-classifier 

rec 

2. < is a ptime, P-classifier for any V appearing later in the list than ptime. 

ptime 

3. < is a LOGSPACE, P-classifier for any V appearing later in the list than LOGSPACE. 

logs 

Proof. Straightforward verification of the conditions of Lemma 25.3.7. □ 

The following shows that the complement of a complete problem is also complete, pro¬ 
vided the class it is in is closed under complementation. 

Theorem 25.3.10 Suppose that V is closed under complementation, meaning A G V 
implies E* \ .A E P. If < is a C, P-classifier and problem H is <-complete for P, then 
E* \ H is also <-complete for V. 

Proof. Since H is <-complete for V it is in P, which implies E* \ H is also in P. Note 
that by completeness of H we have (E* \ H) < H. Further, it is immediate that A < B 
if and only if (E* \ A) < (E* \B) for any A,B. This implies H < (E* \H). 

To show hardness, consider an arbitrary problem A G P. Then A < H by hardness 
of H and so A < (E* \ H) by transitivity of reduction. Thus E* \H is <-complete for P. 

□ 


25.3.2 Sources of complete problems 

It may seem surprising that complete problems exist at all for our various complexity 
classes. Interestingly, most of the classes mentioned before (excepting linear time) have 
natural and interesting complete problems. The following chapters will discuss several in 
detail 

Existence of complete problems 

Given a class P and an appropriate notion of problem reduction <, a first question to ask 
is whether or not P has at least one <-complete problem, say, H. This can be technically 
difficult since it involves showing that any problem A in P can be reduced to i7, i.e. that 
H is “hard” for P. The other part, showing that H G P, is often (though not always) 
fairly straightforward. 

The usual way to show H to be <-hard for P is to begin with an arbitrary Turing 
machine (or other) program p that decides a problem A within the resource limits that 
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define T), and to show how, given an arbitrary p-input d, to construct a value /(d) such 
that d G A o /(d) G H. If / defines a <-reduction, the task is completed since one has 
shown A< H for any AeV. 

A powerful and general way to prove the existence of such problems is to make 
variants of the set accepted by the universal programs seen before (for instance we will 
see that the halting problem HALT is complete for the recursively enumerable sets). 
While this proves the existence of complete problems, the problems obtained this way 
are often, however, somewhat unnatural and unintuitive. An example will be seen below 
for nondeterministic linear time in Section 25.6. 

Showing other problems complete 

Once the existence of one <-complete problem for V has been established, other problems 
can be shown complete by Proposition 25.3.5: If H is <-complete for T>, and H < B, 
and then B is also complete for T>. This is usually much simpler since it does not 

involve reasoning about arbitrary programs in a computation model. The technique has 
been used extensively since Cook's pathbreaking work proving the existence of problems 
< -complete for nptime. Several hundred problems have been shown complete for 

ptime 

nptime and for ptime. Relevant books include [52] and [56]. 

However for this approach to be useful it is necessary that problem H be well-chosen: 
simply stated, and such that H can easily be reduced to many interesting problems. It is 
for this reason that the problems SAT and GAP have taken prominent roles within the 
classes nptime and NLOGSPACE, respectively. We will see similarly archetypical problems 
for both PTIME and PSPACE. 

We begin with two examples: one obtained by a universal construction, and one 
obtained from the state transition graphs used earlier. 


25.4 Complete problems for re by recursive 

reductions 

Theorem 25.4.1 The following set is < -complete for the class RE: 

rec 

HALT = {(p.d) | p is a GOTO-program and [[p]](d) ^ J_} 

Proof. HALT G RE by Theorem 5.6.1. We now need to show that A < HALT for any 

rec 
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A G RE. By Theorem 5.7.2, A G RE implies that there exists a GOTO-program p such that 
A = dom(l p]]). Thus for any d G XT 

d G A if and only if [[p]](d) ^ J_ if and only if (p.d) G HALT 

Thus A < HALT by the (obviously recursive) reduction function /(d) = (p.d). □ 

rec 

We conclude that HALT is a “hardest” problem among all recursively enumerable prob¬ 
lems. Further, for each problem X shown undecidable in Chapter 10, either X or its 
complement is < -complete for RE: 

rec 

Theorem 25.4.2 The following sets are <-complete for the class RE: 

rec 

1. HALT-2CM = {(p.d) | p is a 2CM-program and [[pj(d) ^ T}. 

2. The string rewriting problem DERIV. 

3. Post’s correspondence problem PCP. 

4. {(Gi,G 2 ) |Gi,G 2 are context-free grammars and L(Gi) r\L(G 2 ) / 0}. 

5. CFAMB = {G\G is an ambiguous context-free grammar}. 

6. CFNOTALL = {G\ L(G) ^ T* where T is CF grammar G’s terminal alphabet}. 
Proof. Chapter 8 showed that HALT < HALT-2CM , and Chapter 10 had proofs that 

rec 

HALT< X for each remaining set X in this list. By Theorem 25.4.1, A < HALT for any 

rec rec 

A G RE, so by Theorem 25.3.9, HALT< X implies A < X for any A GRE. Thus each of 

rec rec 

the sets X above is hard for RE. 

Further, it is quite easy to see that each of the sets A above lies in RE, concluding 
the proof. □ 

By the Friedberg-Muchnik theorem (see [155] for a proof) there exist incomparable re¬ 
cursively enumerable problems, that is to say, there are problems A , B such that neither 
A< B nor B < A holds. 

rec rec 

25.5 Complete problems for nlogspace by logspace 

reductions 

Theorem 25.5.1 The following set is < -complete for the class NLOGSPACE: 

logs 

GAP = { G = (V,E,vo,v en d) | graph G has a path from vertex to v en d } 
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Proof. Let G = (V,E,vo,v en d) be a given graph with designated start and finish ver¬ 
tices vo,v enc i and vertex set V = {iq,... ,u r }. Note that r < size(G) for any natural 
representation. 

First, GAP E NLOGSPACE by Theorem 23.3.1. We now need to show that if A E 
NLOGSPACE then A < GAP. Let A = Acc(p) where p is a nondeterministic TMro-program 

logs 

running in logarithmic space. 

Section 23.2 showed how to build the state transition graph G p (d) from d for a given 
TMro-program p. Further, the proof of Lemma 23.3.7 showed that the vertices and edges 
of G p (d) could be listed using at most Adogn space, where n = |d|. In other words, 
function /(d) = G p (d) is computable in logarithmic space. 

Clearly d E A if and only if p accepts d, which in turn holds if and only if /(d) = G p (d) E 
GAP. Consequently A < GAP, so GAP is NLOGSPACE-hard. It is also in NLOGSPACE, 

logs 

so it is < -complete for NLOGSPACE. □ 

logs 

Thus GAP is a “hardest” problem among all problems in NLOGSPACE: 

Corollary 25.5.2 GAP is in LOGSPACE if and only if LOGSPACE = NLOGSPACE. 
Theorem 25.5.3 The nonemptiness problem for regular grammars is < -complete for 

logs 

NLOGSPACE. □ 

Proof. First, it is in NLOGSPACE: Given regular grammar G= (iV,T,P,S'), build a graph 
with edge from A to B whenever there is a production A ::= xB. Then L(G) yf 0 iff 
there is a path from S to some G where G ::= x with xEP is a production in P. In 
Section 23.3 we saw that graph searching could be done by a nondeterministic algorithm 
in logarithmic space. The graph built has size no larger than that of the grammar, so 
this shows that the nonemptiness problem for regular grammars is in NLOGSPACE. 

Conversely, since the graph accessibility problem GAP is complete for NLOGSPACE 
it suffices by Proposition 25.3.5 to reduce GAP to the regular nonemptiness problem. 
Given a graph accessibility problem instance ( G,vo,v en d ), construct a grammar with 
start symbol vo , productions A ::= B for all edges A —> B of G, and a single terminal 
production v en d ::= £. This regular grammar will generate the set {^} if G has a path 
from vo to v en d , and 0 if there is no such path. □ 

The following are immediate from Theorem 25.3.10. 
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Corollary 25.5.4 The following set is < -complete for the class NLOGSPACE: 

logs 

GAP = { G = (V,E,Vo,v en( i) | graph G has no path from v 0 to v en d} 

Corollary 25.5.5 The emptiness problem for regular grammars is < -complete for 

logs 

NLOGSPACE. 

25.6 A problem complete for nlintime 

We now show that nlintime has a “hardest" problem with respect to linear-time reduc¬ 
tions. This problem is a variant of the set accepted by the universal program u; one of 
the complete problem sources mentioned in Section 25.3.2. 

A nondeterministic universal program 

By definition A G nlintime iff A is accepted by a nondeterministic program p which 
runs in time bounded by a • |d| for some a and all d G B. 

Recall the universal program u of Chapter 4. Construct a universal program nu for 
nondeterministic programs by extending the STEP macro by adding two rules to interpret 
the instruction choose Cl or C2, as follows. These can be implemented simply by using 
a choose instruction in the interpreter itself. 


Code 

Comp, stack 

Value 


Code 

Comp, stack 

Value 

(choose Cl C2).Cd 

St 

VI 


Cl.Cd 

St 

VI 

(choose Cl C2).Cd 

St 

VI 

=v> 

C2.Cd 

St 

VI 


It is easy to see that nu is efficient as we have defined the term, and that (p. d) is accepted 
iff p accepts d. 

Definition 25.6.1 / : ID —»ID is linear time and size computable if there are a, 5,p such 
that / = JpJ, and time p ( d) < a - |d|, and | /(d) | < b- |d| for all d G D. 

Definition 25.6.2 Let f,MCD. Then L is reducible to M (written L < M) iff there 

Itime 

is a linear time and size computable function / such that d G L iff /(d) G M for all d in 

B. 

Further, PCD is complete for NLINTIME iff P G NLINTIME and L < P for all L G 

Itime 


NLINTIME. 
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Lemma 25.6.3 < is a reflexive and transitive relation. 

Itime 

Proof. This is essentially the same as for Lemma 25.3.7. It is immediate that the 
identity function is linear time computable. Further, the composition of any two linear 
time computable functions is also linear time computable. Note that the size condition 
|/(d)| < b-\d\ for some b and all d G ID is needed for this: Functions computable within 
linear time without a size limit are not closed under composition since they can build 
values exponentially larger than their argument, for example by repeatedly executing 
X := cons XX. □ 

Lemma 25.6.4 L < M and M G lintime implies L G lintime. 

Itime 

Corollary 25.6.5 If H is complete for nlintime, then H G lintime if and only if 

NLINTIME = LINTIME. 

Theorem 25.6.6 WFA (while-free acceptance) is complete for nlintime, where 

WFA = {(p.d) | p is a while-free I program, and p accepts d} 

Proof. To show WF A G nlintime, modify the nondeterministic universal program nu 
as follows. First, check that input p is an encoded while-free program, and then run 
nu. The checking can be done in time linear in |p|, and while-freeness implies that 
£ p (d) < |p| regardless of d. Thus recognition of WF A takes time at most linear in 

Itime 

|(p.d)| for all p, d in ID. 

Now suppose problem A is accepted by p in time a • |d|. Given d, define /(d) = (q.d) 
where q is the following program, and STEP a l d l stands for a - |d| copies of the code for the 
STEP macro of section 4.1.1: 

read X; (* Input is d *) 

Cd := cons p nil; (* Control stack = (p.nil) *) 

VI := X; (* The value of X = d *) 

Stk := nil; (* Computation stack is initially empty *) 

STEP°'l d l; (* a- |d| = time bound *) 

write VI; (* Final answer is value of X *) 

Clearly / is linear time computable. Program q is while-free, and it works by simulating 
p on d for a - |d| steps. This is sufficiently long to produce p’s output 5 , so d G A if and 
only if /(d) G WF A. □ 

5 It also works if p stops in fewer than a - |d| steps, since the STEP macro makes no changes to VI if Cd 
is nil. 
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Exercises 


25.1 Prove that SAT < CLIQUE, i.e. that the reduction described before can be done 

logs 

in logarithmic space. □ 


25.2 Prove that GAP < GAP1, where GAP1 is the set of all acyclic graphs with a 

logs 

path from vq to v en d . Show that GAP1 is also < -complete for the class NLOGSPACE. 

logs 

Hint: given graph G = (V,U), the triple (G,vo,v en d) is in GAP iff G has a path from 
vo to v en d- This path can have at most n— 1 vertices, where n = \V\. Show how to 
construct from G an acyclic graph G' = (V',E') that has a path from v' 0 to v' end iff G 
has a path from vq to v en d . □ 


25.3 Prove that CLIQUE < VERTEXCOVER, where VERTEXCOVER is the set 

ptime 

of all of all triples (G,5,fe) such that S' is a subset containing k of G’s nodes, such that 
every edge of G includes a node from S as an endpoint. Hint: consider the complement 
graph G, with the same vertices but with all and only the edges that are not edges of G. 

□ 

25.4 Prove two parts of Theorem 25.3.9. □ 
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rec 
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ptime 

independently in 1972 [106, 104], but this was unrecognized for several years due to its 
terseness and inaccessibility. Cook’s and Levin’s results were not widely remarked until 
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Karp showed that a great many familiar combinatorial problems are also complete for 
nptime [95], at which time wide interest was aroused. 

Somewhat earlier in 1970, Savitch had in essence shown that the GAP problem is 
< -complete for NLOGSPACE in [157]; and in 1971 Cook had proved the “path problem” 

logs 

to be < -complete for ptime [26]. In 1972 Meyer and Stockmeyer proved some problems 

logs 

concerning regular expressions complete for PSPACE [126]. 

This author's 1973-77 papers [84, 75, 80, 79] defined the idea of logspace reduction 6 , 
defined the terms “complete for NLOGSPACE” and “complete for ptime,” and proved a 
fairly large set of problems complete for NLOGSPACE or ptime. The NLlNTlME-complete 
problem of Theorem 25.6.6 comes from [85]. 

Since the the 1970s, the field has grown enormously. Wide-ranging surveys of com¬ 
plete problems for nptime and ptime, respectively, may be found in the books by Garey 
and Johnson, and by Greenlaw, Hoover, and Ruzzo [52, 56]. 


6 This was done independently by Cook, and by Meyer and Stockmeyer too, at around the same time. 
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The fact that SAT is complete for nptime is perhaps the most important result in 
theoretical Computer Science. The technical breakthrough was Cook's realization that 
questions about Turing machine computations could be expressed in terms of formulas 
in propositional logic, i.e., boolean expressions. 

As a convenient stepping-stone we will first reduce questions about Turing machine 
computations to questions about boolean programs , and then reduce questions about their 
computations further to ones about propositional logic. Although the questions we ask 
are similar to the halting problem and so are all undecidable for Turing machines, boolean 
programs have decidable properties since their entire state spaces can be computed. 

In this and the next two chapters we prove theorems relating well-known complexity 
classes to properties of boolean programs, and then use them as a basis to show sev¬ 
eral standard combinatorial, logical and linguistic problems to be complete for various 
complexity classes. 

Definition 26.0.7 (The language BOOLE and sublanguages.) 

1. A boolean program is an input-free program q = Ii... I m where each instruction I 
and expression E is of form given by: 

I ::= X := E | I]_; I 2 | goto £ | if E then Ii else I 2 

E ::= X | true | false | Ei V E 2 | Ei A E 2 | -1 E | Ei => E 2 | Ei E 2 

X ::= X0 | XI ... 

2. Language SB00LE (sequential BOOLE) is identical, except that programs may not 
contain goto t. 

3. Language MCIRCUIT (monotone BOOLE) has a very limited instruction format: 

I ::= X := Y | X := true | X := Y V Z | X :=YAZ 

4. Boolean program q is single-assignment if no variable appears on the left sides of 
two different assignment statements 

Taking larger steps than before, we omit formally defining a semantics and data repre¬ 
sentation for programs. Informally, program semantics is as one would expect, where 
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all variables are assigned to false in the initial store. Since there is no input, rather 
than the form [[qj(d) used until now we instead write Jq]]{ and [[qj| to indicate that 
the computation by q does or does not terminate; and notation [[q]] to denote the value 
computed by q: the value stored by the last assignment done by program q, assuming 
MI (M is undefined if [q] f) • 


26.1 SBOOLE computation is complete for ptime 

Definition 26.1.1 The length |q| of a BOOLE program is the number obtained by count¬ 
ing one for every operator :=, appearing in q, and adding 1+ [log(z + l)] for 

each occurrence of a variable Xi in q. 

This is consistent with assuming that variable Xi is represented by a tag (such as the 
var used earlier) together with the value of i in binary notation. 

Lemma 26.1.2 An SBOOLE program always terminates, and can be executed in time 
polynomial in its length. 

Proof. Immediate by a simple algorithm slightly extending that of Section 3.4.2. 

Lemma 26.1.3 Let Turing machine program p run in polynomial time n(n) on inputs 
of length n. There is a logspace computable function / : {0,1}* —> {SBOOLE programs} 
such that for any d G {0, 1 }*: 

p accepts d if and only if [[/(d)]] SB00LE = true 

Proof. Let the given Turing program be p = Ii. . . I m . By assumption time™(d) < 7r(|d|) 
for some polynomial i r(n) and all d G {0,1}*. 

For a fixed p we show how to construct from d a Boolean program q= /(d) as desired. 
Without loss of generality we may assume that p accepts d if and only if p’s computation 
on d terminates at program control point m+1. 

Structure of program q = /(d). Figure 26.1 shows the structure of the SBOOLE 
program q that simulates p’s computation on d. If d = ai... a n then program q = /(d) 
has a total of 67r(n) + m + 5 boolean variables, grouped as follows. 

Name Intended interpretation: true iff Index range 

bg Instruction f of p is about to be simulated 1 < i < m + 1 

Tf TM square i holds symbol a G {B, 0,1} —7r(n) < i < 7r(n) 

Accept The TM has accepted input d 
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Each Turing machine instruction I is simulated by a sequence I of SBOOLE instructions 
using these Boolean variables, as detailed in Figure 26.2. The simulation will be arranged 
so that at any time t, the current Turing machine instruction £ will be described by 
Le = true and L& = false for k ^ £,1 < k < The Turing machine’s scanned square 

will be described by index 0, so if symbol B (for instance) is at the scanning position, the 
boolean program will have variables Tq = true and Tq = Tq = false. The square to the 
right of the scanning position will be similarly identified by index 1, and the square to 
the left, by index —1. 


Ti : a-!; T„ : a„; 

Input d ai... a n on squares 1,2,... ,n; 

Tn+l •— • • • i f71(71) •— ^5 

blanks to the right; and 

T 0 : B; T ! B; .. .; : B; 

blanks to the left. 

Li := true; Accept := false; 

Start at 11; p has not yet accepted d. 

STEP; 7r (") 

Run p for 7 r(n) steps. 

Accept := Accept; 

Accept = true iff p eventually accepted d. 


Figure 26.1: Turing simulation by Boolean program q= /(d) with d — ai. .. a n . 


To manage these clusters of boolean variables we use some abbreviations: 


T- • = 

= a; 

for 

T°:=false; T-:=false; T®:=false; Tf 

L L L L 

: =true; 


T- • = 

L i — 


for 

T’O . —yO . yl . —y 1 . yB . _yB . 

L i * L j > L i • L j > • L j> 



RIGHT(r); 

for 

T r : T r+ i; . . . ; T 1 : T 0 ; T 0 : Ti; . 

• T 1 'T • 

• • j 1 r— 1 — 1 r 9 

CQ 

1 

• • 

H 

LEFT(r); 

for 

T r : T r 1; . . . ; Ti : T 0 ; T 0 : T i; . . . 

• T 1 •—T 

9 1 —r +1 — 1 — r 9 

CQ 

1 

• • 

1 

H 


Turing instruction: 

Boolean sequence 

right 

RIGHT(7r(n)); 

Lp. false; L^ +1 : true; 

left 

LEFT(tt(?i)) ; 

Lp. false; L^ +1 : true; 

write a 

To := a; 

L^:=false; L^+i:=true; 

if a goto £' else £" 

Li := false; 

U' := T o; := ^ T o; 


Figure 26.2: Turing instructions simulated by Boolean instructions. 


Figure 26.1 contains tt (n) copies of the SBOOLE code STEP, which simulates a single step 
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of p's computation on d. Its form: 

! if Li then Ii else 
if L 2 then 1 2 ... 

if L rn then I m else Accept := true 

Lemma 26.1.4 Consider the state of Boolean program q just after the t -th execution 
of the instructions in STEP, where 0 < t < 7 r(n). Then will be true for exactly one £, 
and for each i with —7r(n) < i < 7r(n), Boolean variable T| will be true for exactly one a. 

Proof. Recall that any uninitialized variable has start value false. The result is imme¬ 
diate for t = 0 by the way q was constructed. Further, examination of the cases in Figure 
26.2 shows that these properties are preserved in going from t to t+ 1. 

Lemma 26.1.5 (Correctness of simulation) Let p F (£i,cri) —>... —»(£ r ,cr r ) be the com¬ 
putation by TM-program p on input d. For any 0 < t < r let at = L S R where bobi... b r = SR 
and b_ r .. .b_i = L. Then SB00LE program q, after executing STEP for the t -th interation, 
will be in a state such that Le t = true, and T^ = true for any i with — r < i < r. 

Corollary 26.1.6 At the end of execution, q will assign true to Accept if and only if 
p accepts d. 

Lemma 26.1.7 q= /(d) is constructible from d in space 0(log|d|). 

Proof. Construction of q begins by generating the initialization code for T^, Li and 
Accept, done with one loop over i = —7r(n),... ,7r(n). The code for one occurrence of 
STEP has 0(7r(n)) SB00LE instructions, and each Turing machine instruction code 1^, for 
£ = l,...,m, can be generated in time 0(n(n) logn). The STEP code is replicated 7 r(n) 
times, followed by generation of Accept :=Accept. These several loops all involve indices 
i,t that lie between — 7 r(n) and 7r(n) and so can be stored is space O(logn). 

Lemma 26.1.2 implies that SbooleComp is in ptime. By that result and the hardness 
property just shown, we have proven the following: 

Theorem 26.1.8 The following set 1 is < -complete for ptime: 

logs 

SbooleComp = {p | p is an SBOOLE program whose last assignment yields true} 

1 SbooleComp stands for “the sequential boolean program computation” problem. 
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26.2 The monotone circuit value problem 

Programs in the subset MCIRCUIT of BOOLE are so simple that they can be regarded as 
circuits. We now show that these too yield a decision problem complete for ptime. 

The key is to show that SBOOLE programs can be reduced still further, by eliminating 
if and The following proves this, plus another result we will use later (in Theorem 
26.3.3): that no variable is assigned in two different commands. 

Lemma 26.2.1 There is a logspace computable translation from any SBOOLE program 
p to another q such that Jp] = [[qj] and q has each of the following properties: 

1. The right sides of assignments in q are all of form X, true, X A Y, X V Y, or —iX, 
where X, Y are variables; and the if instruction tests only variables. 

2. Property 1 plus: q has no if instructions, so it is just a sequence of assignments. 

3. Properties 1 and 2 plus: no right side of any assignment in q contains 

4. Properties 1, 2 and 3 plus: q has the single-assignment property. 

Proof. We prove these accumulatively, in order. Item 1 is quite straightforward by 
adding extra assignments to simplify complex expressions (using methods seen before), 
and expressing the operators => and o in terms of V and -i. Any occurrence of false 
can be replaced by an uninitialized variable. 

Items 2 and 3 are less trivial. For item 2, suppose p = Ii... I m is an SBOOLE program. 
We define an if-free translation I of each instruction I, and set program q to be: 

Go : = true; I x . . . I rn 

The translation I is given below. Variable S below is to be chosen as a new variable 
for each occurrence of if in I, but the same Go is used for all of q. We have used 
expressions with more than one right-side operator for readability, but they can obviously 
be eliminated. 

if U then I else J = S:=Go; Go:=SAU; I; Go:=SA^U; J; Go:=S 
I; J = I; J 

X := E = X := (E A Go) V (X A -nGo) 

Remark: this translation is to be proven correct in Exercise 26.1. It definitely has 
deleterious effects on run time: Instead of choosing to execute either instruction I or J 
in if U then I else J, the translated program executes them both , but in such a way 
that only one of them has any effect (so the other is in effect a “no-operation”). 
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Correctness is based on the following claim: For any simple or compound instruction 
I, its translation I 

• has exactly the same effect as I on variables assigned in I, provided Go is true 
when its execution begins, and 

• has no effect at all on variables assigned in I, provided Go is false when its exe¬ 
cution begins. 

First, it is easy to see that the translation of X:=E will make no change to X if variable Go 
is false, and that it will effectuate the assignment X:=E if variable Go is true. Second, 
if Go is false when execution of instruction if U then I else J or instruction I; J 
begins, then it will remain false until its end, so I has no effect. 

Third, assuming Go is initially true, the translation of if U then I else J will 
execute the translations of both branches I and J, and in that order; and it will also set 
Go to true in the branch to be executed, and to false in the other branch. 

For item 3: Instructions of form X := -iY can be eliminated by a straightforward 
program transformation. The device is to represent every p variable X by two comple¬ 
mentary variables, X' and X", in its translation p'. The idea is that each will always be the 
negation of the other, and the value of X in p is the value of X'. This property is ensured 
at the start by prefixing the code of p' by instructions X" : = true for every X occurring 
in p (since all are initially false). The last step is to show how each of p’s instructions 
can be simulated while per serving this invariant representation property. This is easy, as 
seen in the table of Figure 26.3. Variable Tem is used in the last line so an assignment X 
: = -i X will not go wrong. 


Instruction in p Translation in p' 


X 

:= true 

X' : = true; 

X" 

:= Freshvariable 

X 

:= Y 

X' := Y'; 

X" 

:= Y" 

X 

:= Y A Z 

X 

• • 

ii 

> 

N 

\# • 

X" 

:= Y" V Z" 

X 

:= Y V Z 

X 

• • 

II 

< 

N 

N# • 

X" 

:= Y" A Z" 

X 

:= ^Y 

Tem := Y'; 

X' 

:= Y"; X" := Tem 


Figure 26.3: Removal of negation from a boolean program. 

Finally, for item 4 we must make p single-assignment. A logspace algorithm to do 
this will be described shortly, 
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Logspace computability. This is straightforward; since logspace computable func¬ 
tions are closed under composition we need only argue that each individual transforma¬ 
tion can be done in logarithmic space. 

Item 1 is not difficult; the only trick is to use counters to keep track of expressions’ 
nesting level (a fully parenthesized concrete syntax should be used). Item 2 is also 
straightforward — one must just assign unique S variables, which can be done by indexing 
them 1,2, etc. Item 3 can be done in two passes. Pass one finds all variables X in p, 
and to generate X": =true for each to prefix the translation. Pass two translates each 
instruction as described above. 

Finally, item 4 (variable renaming): each instruction I i in a given p = Ii... I m is an 

assignment; denote it by X^:=E^. There may, however, be several assignments with the 

• • 

same left side X* = Xj even though i^j. Transformation: replace every I i by X 7 :=E 7 
where X 1 ,... ,X m are new variables, and E 7 is identical to E^ except that reference to any 
Y in E i is replaced as follows: 

• Trace backward from 1 i until you first find an instruction I* = Y: =. . ., or the 
program start. 

• If Ii = Y: = . . . is found then replace Y by X 7 , else leave Y unchanged. 

This can be done using three pointers: one for the current F, one for tracing backward, 
and one used to compare variables for equality. □ 

Theorem 26.2.2 The monotone circuit value problem is < -complete for PTIME: 

logs 

MCV = {p | p is a monotone circuit and [[p] = true} 

Proof. Lemma 26.1.2 implies that the MCV problem is in PTIME (all that is needed is an 
extra program syntax check). By the construction of Theorem 26.1.8, A < SbooleComp 

logs 

for any problem A G PTIME. The construction just given implies SbooleComp < MCV, 

logs 

which implies A < MCV as required. □ 

logs 

26.3 Provability by Horn clauses 

Definition 26.3.1 A Horn clause is a boolean expression 
A\ A A 2 A ... A Afc = 7 * Aq 
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where each Ai is a boolean variable and k > 0. An axiom is a Horn clause with k = 0. 
Given a conjunction 74 of Horn clauses, we define variable A to be provable from 74, 
written 74 b A, as follows: 

1. Any axiom in 74 is provable from 74. 

2. If Ai, A2 A ... A Ak => Aq g 74 and 74 b Ai for i = 1,2,... k, then 74 b Ao. 

3. No other variables are provable from 74. 

(The second case includes the first as the case k = 0.) It is natural to read A\ A A 2 A ... A 
Ak => Ao as “Ao is true if Ai,... ,A& are all true.” The i4orn clause provability problem 
is defined to be 

HORN = {(74, A) | 74 b A} 


Remark: the disjunctive form of a Horn clause T = A\ A A 2 A ... A Ak => Ao is 
J~ = ~iA]1 V — 'A2 V ... V —1 A/g V Ag 

This is a logically equivalent expression, meaning that expressions T and T' have the 
same value under any truth assignment. Thus a conjunction of Horn clauses 74 is logically 
equivalent to an expression in conjunctive normal form. 

Such an expression Tt can be trivially satisfied, by assigning true to every variable. 
A link fully characterising the syntactically defined notion of provability 74 b A in terms 
of the semantic notion of satisfibility is the following (Exercise 26.2): 

Proposition 26.3.2 74 b A holds if and only if 74 A-iA is unsatisfiable. 

The HORN problem has been studied under several names including “attribute closure” 
and is essentially equivalent to deciding whether a context-free grammar generates a 
nonempty set of strings. The following result in essence says that if propositional Prolog 
programs can be executed in logarithmic space, then ptime = LOGSPACE. 

Theorem 26.3.3 HORN is < -complete for ptime. 

logs 

Proof. HORN is in ptime: Consider the following simple marking algorithm. It is easy 
to verify that it runs in polynomial (quadratic) time. The HORN problem can, in fact, 
be solved in linear time on a pointer machine [40, 10]. 




Provability by Horn clauses 395 


Algorithm. Given (hi. A), begin with every boolean variable being unmarked. Then 
for each Horn clause Ai A A 2 A ... A Ak =>■ Aq G hi with unmarked Ho, mark Ho if all of 
Hi A H 2 ,... ,Hfc are marked; and repeat until no more variables can be marked. 

Clearly the algorithm works in time at most the square of the size of hi. Correctness 
is the assertion that hi F H iff H has been marked when the algorithm terminates (it 
is clear that it does terminate since no variable is marked more than once). For “if,” 
we use induction on the number of times the algorithm above performs “for each Horn 
clause... ” 

Note that all axioms will be marked first, and these are trivially provable from hi. 
Now consider Hi A H 2 A ... A Ak =>• Ho in 7Y, and suppose a mark has just been placed on 
Ho- By the inductive assumption each left side variable is provable, so the right side will 
also be provable (by Definition 26.3.1). In this way every provable variable will eventually 
be marked, so if H has been marked when the algorithm terminates, then hi b H. 

Similar reasoning applies in the other direction (“only if”), using induction on the 
number of steps in a proof. The base case where H is an axiom is immediate. Assume 
hi b H by a proof of n +1 steps whose last step uses Horn clause Hi, H 2 A... A Ak => Ho G hi. 
By induction all of Hi,H 2 ... ,Ak have been marked, so Ho will be marked if not already 
so. Thus every variable that is provable from hi will get marked. 

HORN is hard for ptime: Suppose H G ptime is decided by TM program p in poly¬ 
nomial time. For a given input d, consider the single-assignment MCIRCUIT program q 
constructed from p, d in the proof of Theorem 26.2.2. It had the property that d G H iff 

M = true - 

Construct from this a Horn problem hi which has 

1. An axiom X for every assignment X := true in q. 

2. A clause Y => X for every assignment X : = Y in q. 

3. A clause YAZ^>X for every assignment X : = Y A Z in q. 

4. Clauses Y => X and Z=^X for every assignment X : = Y V Z in q. 

Exercise 26.3 is to show that this construction can be done in logarithmic space. Letting 
H be the last variable assigned in q, the following Lemma 26.3.4 shows {hi, A) has a 
solution if and only if [[qj = true. □ 

Remark: the single-assignment property is essential for this, since there is no concept of 
order in the application of Horn clauses to deduce new boolean variables. If applied to 
an arbitrary monotone straightline BOOLE program, hi can deduce as true every X that 
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the program makes true, but it could possibly also deduce more than just these, since 
it need not follow q’s order of executing instructions. 

Lemma 26.3.4 Let q = 1 :Xi :=Ei .. .m:X m :=E rn , and let 

qb (l,cr 0 ) (m+1 5 &m) 

be q’s computation where <ro(X) = false for every q variable X. Then for every i G [0,m] 
we have 7 H b X^ if and only if cr^ + i(X^) = true. 

Proof. This is by induction on i. Assume the statement holds for all k with 0 < k < i <m, 
and consider the form of the ith instruction X^:=E^. If it is X^:=true then <7i+i(Xi) = 
true and 7i b X^ since => X^ is an axiom. Suppose the zth instruction is X^: =Xj; then 
j < i by the single-assignment property as established in Lemma 26.2.1. By induction 
(Tj+i(Xj) = true iff TL b Xj. 

One direction: suppose (7i+i(Xi) = true. This implies cr^(Xj) = <Tj+i(Xj) = true. Then 
by induction 7 H b Xj, which implies 7i b X* by clause Xj => X^. The other direction: 
suppose H b Xi. This can only be deduced from clause Xj => X* because of q’s single¬ 
assignment property, so 7i b Xj holds, and crj + i(Xj) = true by induction. Again by q’s 
single-assignment property, this implies a % (X j ) = true = c^ + i(X^). 

The other two cases are very similar and so omitted. □ 

26.4 Context-free emptiness and other problems 

complete for ptime 

Corollary 26.4.1 The following set is < -complete for ptime: 

logs 

Cpb 0 = {context-free grammar G \ L(G) ^ 0} 

Proof. Given G it is easy to decide whether it generates at least one terminal string 
by a marking algorithm like the one above: first mark all productions whose right sides 
consist exclusively of terminal symbols, then all productions whose right sides contain 
only marked symbols, and repeat until no more marks can be added. Then G G CF 7 ^ if 
and only if its start nonterminal has been marked. Thus the problem “is G G CFb 0 ?” j s 

in ptime. 
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By Theorem 26.3.3, A G ptime implies A < HORN for any A. Thus it suffices 

logs 

to prove that HORN < CF 7 ^ 0 , since < -reduction is transitive. This is easy: Given 

logs logs 

a pair (fi,B), construct a context-free grammar G whose nonterminals are the boolean 
variables appearing in ft. with start symbol H, and which has productions: 

A ::= £ (the empty string) if —> A is an axiom in ft 
A ::= AiA 2 ...Afc if Ai A A 2 A ... A Ak —> A G ft 

It is easy to see that L(G) = {s} if fib B, and L(G) = 0 if ft h B does not hold, so 
(H, B) G HORN iff G G CF^ 0 . □ 

The following is immediate from Theorem 25.3.10. 

Corollary 26.4.2 The complementary set CF 0 is < -complete for ptime. 

logs 

GAME is complete for ptime 

Definition 26.4.3 A two-player game is a quadruple G = (Pi,P 2 ,M,W) where 
Pi , P 2 , M, W are finite sets such that Pi D P 2 = 0, W C Pi U P 2 , M C (P x xP 2 )U (P 2 x Pi ) • 
The set of positions for player 1 (respectively 2) is Pi (respectively the set of moves 
is M, and the set of won positions is W. 

The set of winning positions is defined inductively by: any won position in p G W is 
winning (for player 1 if p G Pi, else for player 2). Further, position p G Pi is winning for 
player 1 if there is a move (p,q) G M such that q is winning for player 1; and position 
p G P 2 is winning for player 1 if for every move (p,q) G M, position q is winning for player 
1. Winning positions for player 2 are defined analogously. 

Theorem 26.4.4 The following problem GAME is complete for ptime: given a two- 
player game (Pi,P 2 j M, W) and a start position 5 , to decide whether s is a winning 
position for player 1. 

Proof First, GAME is in ptime by a simple marking algorithm: mark each position in 
WnPi; and then add marks to each position that is winning for player 1 by the above 
definition, until no new marks can be added. Anwer “yes” if start position s gets marked. 

Second, we will prove that a HORN problem (ft. A) can be reduced to GAME. Con¬ 
struct 


G = (Vars,ft,M, Axioms) = (Pi,P 2 ,M, W) 
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where Vars is the set of boolean variables appearing in (77, A), and Axioms is the set of 
clauses of form =>> B in 77, and 

M = {(Ao, Ai A ... A Ak =r* Ao) | A\ A... A A^ Aq G 7 ~C\ 

U {(Ai A..,AA k => A 0 , Ai)\l<i<k} 

In words: a position for player 1 is a variable, and a position for player 2 is a clause in 
77. A move for player 1 from position A is to choose a clause implying A, and a move 
for player 2 from Ai A ... A A^ A 0 is to choose a premise A* to prove. 

It is easy to verify (Exercise 26.4) that position A is winning for player 1 if and only 
if A is deducible from 77, i.e. G= (Ears, 77, M, Axioms) G GAME iff (77, A) G HORN. 
Further, it is easily seen that G is constructive from 77 in logarithmic space. □ 


26.5 Parallel computation and problems complete 

for ptime 

There seems to be a clear gap between those problems that are easy to solve using paral¬ 
lelism, and problems that are complete for ptime. A sketch follows, although parallelism 
is outside the scope of this book. 

The class NC (standing for “Nick’s Class”) is the set of all problems that can be 
solved on inputs of size n in time C^log^ n) (very fast), provided one is given a number of 
processors that is polynomial in n, and that these can communicate instantaneously (a 
rather liberal assumption). Analogous to identifying ptime with the class of all feasibly 
solvable problems, many researchers identify NC with the class of all problems that have 
efficient parallel solutions. While the identification is not perfect, it gives a starting point, 
and has been used in many investigations. 

The classes LOGSPACE and NLOGSPAGE are easily seen to lie within NC, which certainly 
lies within ptime. On the other hand, if any problem that is < -complete for ptime lies 

logs 

in NC, then PTIME = NC, that is all polynomial-time solvable problems have fast parallel 
solutions. This would be a remarkable result, comparable in its significance to showing 
that PTIME = NPTIME. 

Thus to show that certain problems are hard to parallelize, it suffices to show that 
they are complete for ptime. This property is often used in the literature, and is a major 
motivation of the book [56]. More details can be found in that book, or in the one by 
Papadimitriou [138]. 
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Exercises 

26.1 Prove correctness of the translation of Lemma 26.2.1, using induction on program 


length. □ 

26.2 Prove Proposition 26.3.2. □ 

26.3 Complete the proof of Theorem 26.3.3 by showing that function / is computable 

in logarithmic space. □ □ 

26.4 Fill in the missing details of the proof of Proposition 26.4.4. □ 


26.5 A two-player game as in Definition 26.4.3 is played on a finite directed graph 

(PiU P 2 ,M). In general, this graph may contain cycles. Prove that GAME is complete 
for ptime even if restricted to DAGs, i.e. acyclic directed graphs. □ 

26.6 Prove that GAME is in LOGSPACE when restricted to graphs that are trees. Hint 

(by Ben-Amram): the problem is essentially one of tree traversal. Choose a data repre¬ 
sentation of the game tree that makes this convenient. □ 


References 

The first problem known to be < -complete for ptime was Cook's “path problem,” de- 
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In Chapter 26 we showed the Horn clause deducibility problem to be complete for ptime. 
Hardness was proven by steps whose net effect is to reduce acceptance of an input by a 
deterministic polynomial time Turing machine program to provability of a goal by a set 
of Horn clauses. A variation on this construction is used to prove the central result of 
this chapter: that SAT is < -complete for nptime. 

logs 

A recapitulation. Much of Chapter 26 can be re-used for nptime, so we recapitulate 
its two-phase development. Phase 1: 

1. Begin with a deterministic TM program p running in polynomial time, and input d. 

2. Build from p and d an SBOOLE program q such that [p]]™(d) = true iff [[q]] BQ0LE = 
true. 

Conclusion: Problem SbooleComp is < -complete for ptime. Completeness of Horn 
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clause deducibility was proven by carrying this development further as follows: 

1. Eliminate if’s from q to obtain an equivalent SBOOLE program q' whose instructions 
are all of form: X:=true, X:=Y, X:=YVZ, or X:=YAZ. 

2. Build from q' an equivalent single-assignment SBOOLE program q". 

3. Build from q" a Horn problem 7Y, A such that [[q"]] B00LE = true iff Tt h A. 

The development for nptime is quite analogous. The essential difference from ptime is 
program p may be nondeterministic (recall Chapter 22): Turing program p can “guess” 
from time to time by executing an instruction of form: goto £' or £". Phase 1 is almost 
as above: 

1. Begin with a nondeterministic TM program p running in polynomial time, and an 
input d. 

2. Build from p and d a deterministic SBOOLE program q such that TM-program p 
applied to input d can yield true iff [[init; q]] BQ0LE (d) = true for some sequence of 
assignments Init. 

Based on this construction we will see that the following problem, which we willcall 
“Nontrivial,” is complete for nptime: 
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Given an SB00LE program, does there exist an initialization of its variables 
causing it to produce output true? 

Phase two also involves constructing a boolean expression T from program p and input 
d, but asking a different question than in Chapter 26: is expression T satisfiable, i.e. 
is it possible to assign truth values to its variables to make T evaluate to true 7 1 The 
construction follows the same lines as that of the previous chapter: 


1. Build from TM-program p and d G {0,1}* an SB00LE program q such that program 
p on input d can yield true iff [init; q]] B00LE (d) = true for some assignments Init. 

2. Build from q an equivalent SB00LE program qi without conditional instructions. 

3. Build from qi an equivalent single-assignment no-if, no-goto SB00LE program q 2 . 

4. Build from q 2 a boolean expression T such that T is satisfiable iff, for some assign¬ 
ment sequence Init, 


[Init; q| 


SBQOLE 


[Init; q-J] 


SBQOLE 


[init; q 2 ] 


SBQOLE 


true 


27.1 Boolean program nontriviality is complete for 

nptime 

A very simple problem complete for nptime is the following: 

Theorem 27.1.1 The following problem NonTrivial is < -complete for nptime: 

logs 

Given : a deterministic SB00LE program q. 

To decide : is 

;. .. X k :=b k ; qj = true 

for some sequence of assignments Xi:=b*; ... X k :=b k with G {true,f alse} ? 

Proof. NonTrivial is in nptime by a simple “guess and verify” algorithm: choose values 
b^ nondeterministically, set up an initial store binding the variables to them, and then 
evaluate q. The following Lemma 27.1.2 shows that NonTrivial is < -hard for nptime, 

logs 

and so complete. □ 

1 By Proposition 26.3.2, Horn clause deducibility is a special case of nonsatisfiability, and so Horn 
clause non deducibility is a special case of satisfiability. By Theorem 25.3.10 Horn clause nondeducibility 
is also complete for PTIME, so phase two’s result naturally extends that for PTIME. 
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Assume A is accepted by nondeterministic TM program 2 p. To show: A can be reduced 
to SBOOLE program nontriviality in logarithmic space. 


Lemma 27.1.2 Let p be a nondeterministic TM program running in time tt( | d| ) for any 
input d E ID, where n(n) is a polynomial. Then for any input d there exists a deterministic 
SBOOLE program q such that Jlnit ; q^ BOOLE = true for some assignment sequence Init 
iff p can accept d. Further, q can be constructed from p and d in space 0(log|d|). 


Proof. We mostly follow the pattern of the proof of Lemma 26.1.3. The first step is to 
construct from p and d = Ii ... I m an SBOOLE program 


q 


/ 


L 


-l 


l 


true; I 


- 7 r(n) 


Answer 


L 


m+1 


Exactly the same construction from Figure 26.2 can be used, plus the following translation 
of the nondeterministic choice instruction: 


TM Instruction I^ 

SBOOLE instructions l\ for [0,7r(n)] 

goto e or r 

:=false; if CL then L:=true else L:=true 


This is clearly a deterministic program. Construct q from q' by prefixing it with in¬ 
structions X:=false for every variable in q, except the oracle variables 0 £ . Clearly 
{Oo,Oi,... , 0 ^)} includes all variables not assigned in q. 

Now q has the property that TM program p has a terminating computation on input 
d if and only if [[Init ; qj = true for some initialization assignment sequence Init. (This 
was not true for q' since its construction relied on the falsity of unassigned variables.) 
An example initialization sequence: 

Init = 0 q:= true; 0i:= false;...; 0^^:= true; 

Correctness of q. First, if [[Init ; qj = true for some initialization sequence Init, then 
the accepting computation by Init ; q clearly corresponds to an accepting computation 
by p on d. Now consider any computation (there may be many) by p on d: 

p h (1,B d) (4 , a tl ) (4,4) ->* ... (. i tr ,a tr )^ (4, a ' tl ) ... 

where (^ 1 ? cr tl ), (£ t2 ,a t2 ),... is a list of all states such that I 4 has form goto £' 

or i". For each such C, let Init contain assignment O 4 := true if branch £' t is taken in 


2 From Chapter 22: a TM program which may also have instructions of form goto f or t". 
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this computation, else assignment 0^. := false if branch t" is taken. Then Init;q will, 
when it encounters its t^-th instruction 

:= false; if 0^ then L^/ := true else L:= true 

take the branch that p takes on d. Consequently Init; q will have a computation that is 
parallel to the one by p on d, yielding result [[lnit;q]]= true. 

It should be evident that this construction can be done in logarithmic space because 
it is so similar to that of Lemma 26.1.3. □ 


27.2 Satisfiability is complete for nptime 

Expression T ', to be built from p and d, will have the same boolean variables as in the 
previous section, plus new boolean "oracle” variables 0*, one for each point in time, i.e., 
polynomially many new variables. 

A “choice” by p to transfer control to f at time t will amount to setting 0* = true 
in T ’, and a transfer to f" will amount to setting 0 t = false in T. Each 0* is called an 
oracle variable , since the choice of a satisfying truth assignment (Definition 25.1.1) for 
J 7 , in effect, predetermines the sequence of choices to be taken by program p, just as 
the initialization sequence Init of the preceding section. The values of variables 0* will 
not be uniquely determined: Since p may have many different computations on the same 
input d, some accepting and others not, there may be many satisfying truth assignments. 

T will be constructed from q very similarly to the way 7 ~t was built, but a few 
additional clauses will be needed to be certain that T can be satisfied only in ways 
that correspond to correct computations. 

Theorem 27.2.1 SAT is < -complete for nptime. 

logs 

Proof. First, SAT G nptime by a simple “guess and verify” algorithm. Given a boolean 
expression T ’, a nondeterministic program can first select a truth assignment 0, using the 
instruction goto f or t' to choose between assigning true or false to each variable. 
Then evaluate 0(1F) in polynomial time by Lemma 26.1.2. If true, accept the input, else 
don’t. All this can certainly be done by a nondeterministic polynomial time computation. 
The next task is to show that A < SAT for any set A C IDqi in nptime™. This is 

logs 

done by modifying the construction of a Horn clause program from a TM program seen 
before; details appear in the following section. After that, correctness and space usage 
of the construction will be established. □ 
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27.2.1 Construction of a 3CNF expression from a program and 

its input 

Lemma 27.2.2 Let p be a nondeterministic TM program running in time g(|d|) for any 
input d G D where g{n) is a polynomial. Then for any input d there exists a 3CNF 
boolean expression 3 

which is satisfiable iff p can accept d. Further, T can be constructed from p and d in 
space 0(log|d|). 

Proof. Begin with SB00LE program q from Lemma 27.1.2. Apply a construction in 
Lemma 26.2.1 to q to construct an equivalent SB00LE program qi without conditional. Its 
instructions can only have forms X:=true, X:=false, X:=Y, X:=^Y, X:=YVZ, or X:=YAZ. 

Next, apply another construction from Lemma 26.2.1 to qi to construct an equivalent 
single-assignment no-if, no-goto SB00LE program q 2 = Finally, construct 

boolean expression 

T = Ii A ... A I m 

from q 2 , where each I is defined as follows: 


BOOLE Instruction I 

Clauses I 

3CNF equivalent 

X 

= true 

X 

X 

X 

= false 

^X 

^X 

X 

= Y 

Y => X 

—iYVX 

X 

= -«Y 

-iY => X 

YVX 

X 

= YVZ 

(Y X) A(Z X) 

(-iYVX) A (^ZVY) 

X 

= YAZ 

YAZ=> X 

(-.YV^ZVX) 


Expression T does not have the form of a set of Horn clauses because the negation 
operator appears in two places. Further, we are asking a different question, satisfiability, 
rather than Horn clause deducibility. 

^Meaning of 3CNF: each C% is a disjunction of at most three literals. See Appendix Section A.l for 
terminology if unfamiliar. 
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Correctness. First, note that expression T has exactly the same variables as q 2 . Sec¬ 
ond, the only unassigned variables in q 2 are the oracle variables 0$. 

If [[init; q 2 ]] BG0LE = true for some initialization Init of the oracle variables, it is clear 
that 0(J-) will evaluate to true under the truth assignment 

0(X) = the value Init assigns to X 

Conversely, suppose 6{fF) evaluates to true for truth assignment 0, and let Init contain 
X:=true for each X with 0(X) = true and X:=false for each X with 0(X) = false. Since 
q 2 is single-assignment, a simple induction on computation length very like the proof 
of Lemma 26.3.4 shows that for each assignment X: = . . . performed by Init;q 2 , truth 
assignment 6 must map variable X to the (unique) value that Init;q 2 stores into X. 

Thus T is satisfiable if and only if [[Init; q 2 ]| = true for some truth assignment 0. We 
have already seen that this holds if and only if [[0(qi)]| = true for some truth assignment 
0, and that this holds iff p on input d can yield true. 

Thus T is satisfiable if and only if p accepts d. Exercise 27.2 is to show that this 
construction can be done in logarithmic space. □ 

27.3 Other problems complete for nptime 

Thousands of problems have been shown complete for nptime. For a large selection, 
see [52]. Many of the first problems shown complete for nptime concern graphs, as 
indicated by the following selection. However there is a wide variety in nearly all areas 
where combinatorial explosions can arise. For historical reasons we now sometimes write 
“vertex” where “node” has been used other places in the book; but the meaning is exactly 
the same. 

Corollary 27.3.1 The CLIQUE problem is < -complete for nptime. 

logs 

Proof. First, CLIQUE G nptime by a simple algorithm. Given graph G and number k, 
just guess a subset of k of G’s vertices and check to see whether every pair is joined by 
an edge of G. This takes at most quadratic time. 

Second, we saw in Construction 25.3.1 how the SAT problem can be reduced to 
CLIQUE. It is easy to see that the construction can be done in logarithmic space, so 
SAT < CLIQUE. By Proposition 25.3.5, CLIQUE is also < -complete for nptime. □ 

logs logs 
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Theorem 27.3.2 The following problem, called VertexCover, is < -complete for 

logs 

NPTIME: 

Given : an undirected graph G = (V,E) and a number k. 

To decide : is there a subset S C V with size k such that every edge in E has an endpoint 
in 5? 

Proof. It is clear that VertexCover is in nptime by a simple guess-and-verify algorithm. 
Second, we show CLIQUE < VertexCover which by the previous result and Proposition 
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25.3.5 implies VertexCover is also < -complete for nptime. 
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The reduction is as follows, given a CLIQUE problem instance (G, k) (does G = (V, E) 
have k mutually adjacent vertices?). Construct the “complement” graph G = (V,iU) 
where E' = {(v,w) \ {y,w G V,v w,(v,w) ^ E}. Let n be the number of vertices in V. 

Claim: G is a k-e lement clique of G if and only if S = V\C is a (n — k )-element vertex 
cover of G. Assume G is a k- clique. An arbitrary edge (v,w) of G connects two distinct 
vertices and is not in E. Thus at least one of v or w must not be in G, and so must be 
in S\C. Thus every edge has an endpoint in S', so S is an (n — fc)-element vertex cover 
of G. 

Now assume S is an (n— &)-element vertex cover of G and v,w are any two distinct 
vertices of G. If (v,w) were an edge in E' then one of them would be in S = V\C. Thus 
(v,w) is an edge in E, so G is a clique. 

Thus (G,k) G CLIQUE iff (G,n — k) G VertexCover. Further, (G,n — k) can be con¬ 
structed from (G,/c) in logarithmic space, so CLIQUE < VertexCover. □ 

logs 

Theorem 27.3.3 The following problem, called SetCover, is < -complete for nptime: 

logs 

Given : a number k and a collection of sets 4 Si,..., S n . 

To decide : is there a subcollection Sq,..., S? fc of at most k of these whose union covers 
all elements in any Sp 

j—n j—k 

U 5 ‘=IK- 

3 =1 3 =1 

4 For example, by listing each as a string {i>i,...,%}, using binary integers to denote the various 
elements Vi. 
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Proof. It is again clear that Set Cover is in nptime by a simple guess-and-verify algorithm. 
Second, we show VertexCover < Set Cover. By the previous result and Proposition 

logs 

25.3.5, this implies SetCover is also < -complete for nptime. 

logs 

The reduction is as follows, given a VertexCover problem instance (G, k) (does G = 
(V,E) have a set of k vertices that contact every edge?). Construct the collection of sets 
S v , one for each vertex v G V, such that 



{(u,w) G V | v = u \/ v 



Clearly, 5^,..., Si k is a set cover of V = U vG v S v if and only if {v ^,..., vi k } is a vertex 
cover of E. Constructibility in logarithmic space is simple. □ 


Exercises 

27.1 Prove Theorem 27.1.1. Hint: for hardness, show that SAT < NonTrivial. □ 
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27.2 Complete the proof of Theorem 27.2.1 by showing that function / is computable 

in logarithmic space. □ 

27.3 Verify the equivalence stated in Theorem 27.3.3. □ 

27.4 Prove that the FeedbackVertexSet problem is < -complete for nptime: 

logs 

Given : a directed graph G = (V, E) and a number k. 

To decide : is there a /c-element subset S C V such that every cycle of G contains at 
least one vertex in El Hint: reduce VertexCover to FeedbackVertexSet. □ 
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28.1 Acceptance by boolean programs with goto 

First, we will prove the following: 

Theorem 28.1.1 The following set is < -complete for PSPACE: 

logs 

BooleComp = {p | p is a BOOLE program whose last assignment yields true} 

In light of Theorem 26.1.8, this says that the difference between simulating programs with 
or without goto corresponds to the difference between PSPACE and ptime (if any). Using 
this as a basis, we will proceed to show the following problems complete for PSPACE: 

REGALL = {R | R is a regular expression over E and L(R) = E*} 

QBT = {T | T is a true quantified boolean expression} 

Lemma 28.1.2 Boolean programs can be executed in space at most a polynomial func¬ 
tion of their length. Further, termination can be decided within polynomial space. 

Proof. A simple interpreter slightly extending that of Section 3.4.2 can execute an ar¬ 
bitrary BOOLE program. Let the interpreted program p have m labels and k boolean 
variables. Clearly m < |p| and k < |p|. The interpreter can store the current state (£,cr) 
of p using 0(log|p|) bits for the control point and one bit for the current value of each 
program variable, 0(|p|) bits in all. 

This naive interpreter will of course loop infinitely if the interpreted program does 
so. It can be modified always to terminate as follows. Observe that program p can enter 
at most m* 2 k configurations without repeating one, and so going into an infinite loop. 

.Modify the interpreter to maintain a binary counter c consisting of r = k\logrn\ 
boolean values (initially all false), and increase this counter by 1 every time an instruction 
of p is simulated. If c becomes 2 r — 1 (all true’s) then the interpreter stops simulation 
and signals that p has entered an infinite loop. This is sufficient since 2 r > m-2 k . 
Clearly the modified interpreter uses 0(|p| log |p|) space. 

Theorem 28.1.1 in essence says that if boolean programs can be executed in polyno¬ 
mial time, then ptime = PSPACE. To show that BooleComp is hard for PSPACE we 
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reduce computations by an arbitrary polynomially space-bounded Turing machine to 
BooleComp. 

Lemma 28.1.3 Let Turing machine program p run in polynomial space tt( n) on inputs 
of length n. There is a logspace computable function / : {0,1}* — > {BOOLE programs} 
such that for any d G {0, l}*: 

p accepts d if and only if [[/(d)]] B00LE = true 

Proof. Let the given Turing program be p = Ii. . . I m . By assumption space™(d) < tt( |d|) 
for some polynomial 7r(n) and all d G {0,1}*. For a fixed p we show how to construct 
from d a Boolean program q = /(d) as desired. Without loss of generality we may assume 
that p accepts d if and only if p’s computation on d terminates at program control point 

m+1. 

Figure 28.1 shows the structure of the BOOLE program q that simulates p’s computa¬ 
tion on d. It uses the notation and the STEP macro from Chapter 26. The correctness 
argument is just the same as that of Lemma 26.1.5 (the only difference is the use of the 
WHILE loop in Figure 28.1.) 


Ti : ai;... ; T„ : a n ; 

Input d ai... a n on squares 1,2,... ,n; 

T„+i : B; .. .; T ff(n) : B; 

blanks to the right; and 

T 0 : B; T i : B; .. .; T T(n) : B; 

blanks to the left. 

Li := true; Accept := false; 

Start at 1 1 ; p has not yet accepted d. 

while not Accept do STEP; 

Run p until it terminates. 

Accept := true; 

Accept — true iff p eventually accepted d. 


Figure 28.1: Turing simulation by Boolean program q= /(d) with d = ai... a n . 


Proof. Theorem 28.1.1: By Lemma 28.1.2, BooleComp is in PSPACE. If A is in PSPACE 
then it is decidable by some polynomially space-bounded Turing machine program p. 
The preceding Lemma shows how to reduce A to BooleComp, so BooleComp is < -hard 

logs 

for PSPACE. □ 

The following variant is a bit simpler, and so will be used in some later reductions to 
prove problems hard for PSPACE. 
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Corollary 28.1.4 The following set is < -complete for PSPACE: 

logs 

Bterm = {p | p is a BOOLE program which terminates} 

28.2 Quantified boolean algebra 

Definition 28.2.1 A quantified boolean expression is an expression E of form given by: 

E ::= X | true | false | Ei V E 2 | E* A E 2 1 -i E | Ei => E 2 | Ei E 2 

V X . E | 3 X . E 
X ::= XO | XI ... 

We say that E is closed if every variable X is bound, i.e. lies within the scope of some 
quantifier VX.E or 3X.E. The value of a closed quantified boolean expression E is either 
true or false. 

An expression of form VX. E has value true if both E+ and E- have value true , where 
E+, E- are obtained from E by replacing every unbound occurrence of X in E by true, 
respectively false. Expression 3X.E has value true if E+ or E- have value true (or both), 
and expressions Ei V E 2 , etc. are evaluated by combining the values of their components 
in the usual way for boolean expressions. □ 

Theorem 28.2.2 The set QBT of true quantified boolean expressions is < -complete 

logs 

for PSPACE. 

Proof First, it should be clear that truth of a quantified boolean expression can be 
established in linear space, by an algorithm that enumerates all combinations of val¬ 
ues true, false of its quantified variables, and combines the results of subexpressions 
according to the logical operators and quantifiers in E. This requires one bit per variable. 
We next show Bterm < QBT, so QBT is < -complete for PSPACE by Theorems 

logs logs 

28.1.1 and 25.3.5. 

Consider BOOLE program p = Ii...I m with variables Xi,...,Xfc. Without loss of 
generality we may assume every instruction in p is of the form X := true, X := false, 
or if X goto £ else £', where the latter abbreviates if X then goto £ else goto £'. 
The reason is that the boolean operators and assignments may all be transformed into 
code to “test and jump” with at most linear increase in program size (a transformation 
obviously computable in logspace). 

For example, the assignment X := Y could be realized by 
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1: X := true; 

2: if Y goto 4 else 3 
3: X := false 

and similarly for the other forms. 


One-step simulation We start out by constructing a quantified boolean expression 
Nx(X,L,X',L?) where X stands for the sequence Xi,...,Xfc, L stands for Li,...,L m +i, and 
similarly for their primed versions. The expression will be such that 

p I- (£, [1 V!,...,k i-> v k \) -> {£',[1 i-> v[,...,k i-> v' k }) 


if and only if 


Nx(r?i,..., Vk, false ,..., true,..., false , v [,..., v f k , false ,..., true ,..., false ) 


evaluates to true , where the first sequence of truth values has true in position i only, and 
the second has true in position f only. Intention: = true (L^ = true ) if the current 

control point (next control point) is instruction I^. 

Some auxiliary notation: if vectors U,V have the same length s, then U <=>• V stands 
for (Ui Ui) A ... A (U s U s ). Similarly, if I C {1,2,..., s}, then U «=>•/ V stands for 
A ieifii Finally, two more abbreviations, where we write [r, s) for {i \ r <i < s}: 


Lab(f) stands for L e A A ie [i,e)u(e,k] ^ 
Lab'(^) stands for L' A Ai 6 [M)u(<,fc] ^ 

Given this machinery, define 


Nx(X fc ,L m+i , X' fc ,L' i) = (Lab(l) A Ei) V ... V (. Lab(m ) A E m ) V Lab(m + 1) 


where the are defined by the table 


BOOLE Instruction 

Quantified boolean expression E^ 

goto f! 

Xi := true 

Xi := false 

if Xi goto f else i" 

Lab'(f)AX4AX' 

Lab'(^+1) AX<^> [1;i) X'A X'A X X' 

Lab'A+l) AX» [m) X'A-X'AX^ (a] X' 
(X, A Lab'(f)) V (-.X, A Lab'(f')) A X X' 
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The size of this expression is clearly polynomial in m + /c, and it is also evident that it is 
logspace computable with the aid of a few counters bounded by k or m. 

Multi-step simulation For this we will construct quantified boolean expressions 
Nx 2 *(X,L?,£',!?) for i = 0,1,2,..., which evaluate to true if program p can go from state 
represented by (X,L) to the state represented by (X',L/) by a 2*-step sequence of transi¬ 
tions. 

This can be defined inductively as follows. To illustrate the technique without unduly 
long argument lists, we consider only a binary predicate P 2 (a, b) rather than the 2(m + 
/c)-ary boolean predicate Nx 2 (...). 

P l (a,b) = P(a,b) 

P 2t {a,b) = 3c Mu \tv {[(-u = a Av = c) V (u = cAv = b)} => P*(iq?;)} 

Claims: first, expression P 2% (a, 6) will be true if and only if there exists a sequence 
ai,a 2 , • • • ,a 2 i such that P 2 (a*,tq + i) holds for every i G [1,2*). Second, the size of the 
expression P 2 (a, b) is 0(z + s) where s is the size of expression P(a,6), since each doubling 
of the exponent only adds a constant number of symbols to the previous expression. 

Now let r = \k • log(m+ 1)], so 2 r > (771+1)2^ (the number of configurations p can 
enter without looping). Consider quantified boolean expression Nx 2r (X,L/,X',!/). Value 
2 r is large enough so that if program p can go from state represented by (X,L) to the 
state represented by (X',L/) by any sequence of transitions, then it can do so in at most 
2 r transitions. 

Consequently p terminates iff its start transition can reach one with control point 
ra+1 within 2 r steps. Thus [[pj] = true iff the following quantified boolean expression 
is true 1 : 

3X3L . [X <t=>f alse AL X A L <^> ( p m+ i]f alse] A Nx 2 ' (X,L,X',L') A L' m+1 

Finally, a size analysis: by the argument above about P(a,6), the size of boolean expres¬ 
sion Nx 2 ' (...) is of the order of r times the size of Nx(X,L/,V,L/). The latter has been 
argued to be polynomial in the size of program p, so the total is polynomially bounded. 
The final step, logspace computability of the reduction, is Exercise 28.4. □ 


1 The part in square brackets describes p’s initial state. 
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28.3 Regular expression totality 

Theorem 28.3.1 The totality problem REGALL for regular expressions (is L(R) = E*?) 
is < -complete for PSPACE. 

logs 


Proof. We actually show the complementary problem REGNOTALL = {R | L(R) ^ E*} 
to be < -complete for PSPACE. This suffices by Theorems 25.3.10 and 23.5.2. 

logs 


REGNOTALL is in pspace. Given regular expression R over alphabet E, the prop¬ 
erty L(R) ^ E* can be decided in linear space as follows. First, construct an NFA 
M = (nondeterministic finite automaton, see the appendix) such that 

L(M) = L(R). This can be done so the size of M is linear in the size of R [3]. 

Then apply the usual “subset construction” [3] to define a DFA (deterministic finite 
automaton) Mjj accepting the same set L(R) = L{M ) = L(Mjj). Note that Mjj may 
have a number of states exponential in the size of M, since each state is a subset of the 
states of M. 

The property L{M]j) ^ E* holds if and only if there is some path from the automa¬ 
ton’s initial state {go} to a nonaccepting state. As seen before, this can be done by a 
nondeterministic search through Mp’s transition graph, storing at most one graph node 
at a time (it is not necessary to build all of Mjj first). The natural way to represent a 
state of automaton Mjj is by storing one bit for each M state, that is as a bit vector of 
size 0(\R\). Thus the nondeterministic search can be done in at most linear space. 

This shows the problem L(R) ^ E* is in NSPACE(n), and so in PSPACE by Theorem 
23.4.3. 


REGNOTALL is hard for pspace. We prove Bterm < REGNOTALL. Suppose 

logs 

we are given a BOOLE program p = Ii... I m with variables XI,... ,Xk. Without loss of 
generality we may assume every instruction in p is of the form X := true, X := false, 
or if X goto £ else f!. 

We will show how to construct a regular expression R p over E = {#,0, l,t,f } which 
generates all sequences that are not terminating computations by p. Thus L(R p ) = E* 
iff p does not terminate (which implies every string in E* is a noncomputation), so p G 
Bterm iff R p is in REGNOTALL. 

Represent a configuration C = (£, [1 i—> b±, ..., k &*.]) by the following string over 
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alphabet X of length m + 1 + k: 


C = O e -Ho m+1 -% .. .b k 


where b* = t if bi = true and R = f if bi = false for i = 1,..., k. A computation trace 
will be a string over alphabet X: 

Traces p = {#Ci#... #C*# | p b C\ —> ... —► Ct and 

Ci = (1, [1 1 —>• false ,... ,k > false]) and Ct = (ra+ 1, [...]) 

Claim : for each BOOLE program p there is a “yardstick” regular expression R p such that 


1. L(R-p) = X* \ TraceSp 

2. i? p is constructible in space 0(|p|) 


3. Rp 





R 4 where the Ri behave as follows: 



s*\ #[(0|l) m + 1 (t|f) fc #]* 

Wrong format 

i(i? 2 ) = 

£*\ #10 m #f fc £* 

Wrong start 


£*\ £*#O m l(t|f) fe # 

Wrong finish 

L{R±) = 

£*#(£ 1 |£ 2 |...|£; m )#£* 

Some Ci Cj_|-i 


Exercise 28.2 is to show that can be defined without using 

Regular expressions E£ for each instruction label £ define the set of strings C^C' 
such that p l/C —> C'. In order to define them, we use abbreviation X \a for the obvious 
finite union, and \/ ieI Xi for the union (|) of Xi for each i G I. 


Strings having symbol a at position i are generated by Yf = X 2 x aX*. 
Strings not having symbol a at position i: 



£ 


X 


X 


i— 1 


X <_1 (X\a)X* 


Strings including C#C' with a,5 G {t,f} at positions i of C and C' (respectively): 

Bf = (0|l) m+1 (t|f) ,,; - 1 a (t|f) fe - i #y/ +m+1 


Strings including C#C' with a, 5 G {t,f} at some position i of C and C’ (resp.): 
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Strings with a at position i of C such that £ is not the control point in C' 


C 


al 


(o|i) 


ra+1 




Given these, definition of the E£ is straightforward: 


BOOLE Instruction 


Regular expression E a 


goto £! 


Xi := true 


Xi := false 


if Xi goto £' else £" 


N} 

N} 


Yrn+\+k N i 

E m+1+k N}, 

•£ m +l+ k N l 


B 


ft 


B 


tf 


B il I B) 


tf 


BV I B? | V 


B 


ft 


B 


tf 


C 


u' 


C 


a 


tt 

l 

// 


v 


je[l,i]U(i,k\ 

je[l,i]U(i,k] 


(. B ft \B tf ) 


(. B ft \B tf ) 


Verification of this construction’s correctness is straightforward but tedious. □ 

A generalization: regular expressions with squaring. Suppose the class of reg¬ 
ular expressions is enriched by adding the operator R 2 , where by definition L(R 2 ) = 
L(R)‘L(R). The totality problem for this class (naturally called REG 2 ALL) can by 
essentially similar methods be shown complete for |J c SPACE(2 cn ). 

The ability to square makes it possible, by means of an extended regular expression 
of size O(n), to generate all noncomputations of an exponentially space-bounded Turing 
machine. Intuitively, the point is that an expression (...(E 2 ) 2 ...) 2 of size n generates all 
strings in E* of length 2 n , so the “yardstick” m + k +1 used above can be made exponen¬ 
tially long by an extended regular expression of length 0(n). This allows generation of 
all noncomputations by an exponential space Turing machine by a linear-length regular 
expression with squaring. 


28.4 Game complexity 

Board games. We showed a simple one-token game to be complete for ptime in 
Theorem 26.4.4. A natural question is what the complexity is for many-token games 
such as n x n-board size chess, Hex, or Go. It might be expected that their complexity is 
higher, since the number of possible configurations is exponential in the board size. This 
is indeed the case; constructions and references may be found in [164], [173], [52]- 
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Blindfold games. Games such as Battleship, Kriegspiel (blindfold chess), and even 
card games are based on imperfect information : No player is fully aware of the total game 
state. Again, it might be expected that their complexity is higher. It is shown in [77] 
that the one-token game shown complete for ptime in Theorem 26.4.4 becomes complete 
for PSPACE in its natural blindfold version. The technique used is a simple reduction 
from RE GALL. 


Exercises 

28.1 Prove Corollary 28.1.4: the problem of deciding a Boolean program’s termination 

is complete for PSPACE. □ 

28.2 Construct regular expressions for R 1 .R 2 .R 3 without using set complement \. Give 

bounds on their lengths in relation to the size of program p. □ 

28.3 Prove that the membership problem for context-sensitive grammars is complete for 

PSPACE. □ 

28.4 Prove that the quantified boolean expression of the proof of Theorem 28.2.2 can 

be built in logarithmic space. □ 
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The technique of reducing computations by arbitrary programs to ones using only boolean 
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Appendix 




A Mathematical Terminology and 
Concepts 


This appendix introduces a number of mathematical concepts that are used throughout 
the book. Readers with little or no mathematical background may read the appendix 
from one end to the other and do the exercises. Readers familiar with the notions 
introduced may consult the appendix if the need arises. The index should make this 
easy. 

Section A.l gives a short introduction to the manipulation of logical expressions. 
Section A.2 introduces sets and operations on sets, and Section A.3 is concerned with 
functions. Section A.4 introduces graphs. Section A.5 describes grammars, regular ex¬ 
pressions, and finite automata. Section A.6 introduces definition and proof by induction. 
Section A.7 describes pairing functions. 

Section A.7 contains a number of exercises; in general the reader is encouraged to try 
all the exercises. Section A.7 gives references for further reading. 

A.l Boolean algebra 

Boolean algebra is the manipulation of logical expressions or propositional formulas. In 
boolean algebra we work with two truth values , true and false. We use p, q, r,... to denote 
boolean variables. 

A boolean expression or formula , is formed by combining truth values, variables and 
smaller boolean expressions with the boolean operators shown in the following table: 


operator 

pronounced 

arity 

precedence 

associativity 

- 

not 

unary 

5 


A 

and 

binary 

4 

left 

V 

or 

binary 

3 

left 

=> 

implies 

binary 

2 

left 


if and only if 

binary 

1 

left 


“If and only if" is usually abbreviated to “iff,” and p A q is called the conjunction of p 
and q. Likewise, p V q is called the disjunction of p and g, and ~^p the negation of p. 
The ^-operator has the tightest binding strength, so pW q V-^A true r false is a 
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boolean expression equivalent to ((p V q) V A true)) ((-> false) => r). A literal is 
either a boolean variable or its negation, making p and -i q literals, whereas -i-np, (p Aq) 
and true are not. 

It is interesting to note that by using the following equations: 


^(pAq) = ^p\J^q -^(pVq)=^pA^q 

> 

(p A q) V r = (pVr)A(gVr) (p V q) A r = (p A r) V (q A r) 
p A (g V r) = (p A g) V (p A r) p V (<? A r) = (p V q) A (p V r) 

* 

~^(p=Aq)=pA^q ~>(p ^ g) = V-.9) A (p V<?) 

= p £nze = p V -ip false = pA~^p 


(de Morgan’s laws) 


(distributivity) 


it is possible to convert any boolean formula into conjunctive normal form (CNF), that 
is a finite conjunction of finite disjunctions of literals: (An V • • • V A \ ni ) A • • • A (A m i V • • • V 
Amnm )• A concrete example of a boolean formula in CNF is (p V ~*q) A~*q A (-<p Vp Vg). 


A. 1.1 Evaluation of boolean expressions 

When we want to determine the truth value of a boolean expression, we must specify 
how the variables in the expression are to be interpreted. To this end we let 0 be a 
truth assignment mapping boolean variables to truth values. If all the boolean variables 
occurring in an expression E are in the domain of (0), then we define the value of E under 
the truth assignment 0 to be the result of applying the function eval: truth assignments —» 
boolean expressions —> truth values given by 


eval0E = < 


true, 
false, 
0(E), 




Popq , 


if E is true 
if E is false 
if E is a variable 

if E is p op q andp = eval Op and q = eval Oq 
if E is -ip and p = eval Op 


where the truth value of pop q is given by the following truth table : 


p 

q 

-'P 

pAq 

pWq 

p^q 

PAAq 

true 

true 

false 

true 

true 

true 

true 

true 

false 

false 

false 

true 

false 

false 

false 

false 

true 

false 

false 

true 

true 

false 

true 

true 

false 

true 

true 

false 
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A.2 Sets 

A.2.1 Definition and examples 

A set is informally defined to be a collection of objects. The only requirement a collection 
must satisfy to be called a set is that for any object x, either x is definitely in the 
collection, or x is definitely not in it. If S is a set and x is an object in S we say that x 
is an element of S (or x is in S, or x belongs to 5, or x is a member of S , or even that 
x is contained in S) and write x G S. If x is not in S we write x ^ S. 

Well-known examples of a set inlude: 

1. IN: the set of all non-negative integers (thus including zero), also called the natural 
numbers. 

2. IR : the set of all real numbers, e.g. 2.1,1/3,400, —32,7r,e. 

3. IR + : the set of positive real numbers, e.g. 2.1,1/3,400,7r, e. 

4. The collection of all graphs with at most five edges. 

If a set contains only finitely many different objects ai,a 2 ,...,u n then the set is written 
{ai,a 2 ,... ,a n }. For example, the set containing the first three prime numbers (and 
nothing else) is written {2,3,5}. 

An infinite set may be described similarly if there is an obvious rule for listing its 
elements. For instance the set of odd non-negative numbers may be written {1,3,5,7,...}. 

Two sets T and S are equal , written T = S, if and only if they contain the same 
elements, i.e. if and only if every element in T is also an element in S and vice versa. 
Thus the sets {2,5,2,5,3} and {2,3,5} are equal. If T = S we also say that T and S are 
one and the same set. 

A set T is a subset of another set S', written T C S if every element of T is also an 
element of S. If T is a subset of S and vice versa, T and S are equal by the definition of 
equality. 

By definition of equality there is only one set without any members at all. This set 
is written 0, and is called the empty set. 

If S is some set and P{x) is some condition involving x we use the notation {x G 
S\ P(x)} to denote the set of all those members of S that satisfy the condition P(x). For 
instance the set 

{x G IN | x > 2 and the only divisors of x are 1 and x} 


is the set of all prime numbers. 
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A.2.2 Some operations on sets 

If T and S are two sets then the union SUT is the set of all those objects that are 
elements in T or in S (or both). For example, {1,3} U {3,5} = {1,3,5}. The intersection 
SnT is the set of all those objects that are elements in both T and S. For example, 
{1,3,4} n {3,4,5} = {3,4}. £ and T are disjoint if they have no members in common, i.e. 
if SnT = 0. Finally, the difference S\T is the set of all those objects that belong to to 
S but not T. Thus {1,2,5}\{3,5,7} = {1,2}. 

An ordered pair is a sequence of two (not necessarily distinct) objects in parentheses 
(a, b). The first component is a and the second component is b. If S and T are sets the 
cartesian product S x T is the set of all ordered pairs where the first component belongs 
to T and the second component belongs to S. 

Similarly we speak of triples (a,5,c), quadruples (a,5,c,d), and in general n-tuples 
(ai,a 2 ,... ,a n ), and of the cartesian product of n sets Si,£ 2 , • • • ,£ n * 

V(S) denotes the set of all subsets of S. For instance, 

P({1,2,3}) = { 0,{1},{2},{3},{1,2},{1,3},{2,3},{1,2,3} } 

If S is a finite set we let | S | denote the number of elements in S. 

A.2.3 An abbreviation 

We use the vector notation x n to denote the sequence xi,X 2 , ■ ■. ,x n (also when 
xi,X 2 , ■ ■ • ,x n are numbers, graphs, etc.). Note that x n does not include parentheses, 
so (x n ) means (xi,x 2 ,... ,x n ). Moreover, if x n denotes aq,X 2 ,... ,x n and y m denotes 
denotes y ll y 2 ,... ,y m then (x n ,y m ) means (aq,x 2 , • •. ,x n ,yi,y 2 , • • • ,2/m). 

A.3 Functions 

A.3.1 Total Functions 

A function from a set A into a set B is a correspondence which associates to every a in 
A exactly one b in B. More precisely, a function from A into B is a subset f of Ax B 
satisfying: 

1. For all a in A there is at least one b in B such that (a, b) is in / (definedness ). 

2. For all a in A there is at most one b in B such that (a, b) is in / [uniqueness ). 
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If / is a function from A into B, a is an element of A, and b is the unique b in B such 
that (a, b) is in /, we write /(a) = b and call a the argument and b the result. Note that 
by the definition of a function there corresponds to every argument exactly one result. 

The set of all functions from A into B is written A —» B, and the fact that / is a 
function from A into B is written / : A ^ B. 

Some examples: 

1. The function double f : IN —» IN associates to every n in IN the number n + n. 
This is the set {(0,0), (1,2), (2,4), (3,6),...}. For example, /(2) =4. 

2. The function predecessor g : IN —* IN associates to every n / 0 the number n— 1 
and associates 0 to 0. This is the set {(0,0), (1,0), (2,1), (3,2),...}. For example, 

/(3) = 2. 

3. The function monus — : IN x IN —> IN which associates to every pair (m,n) with 
m > n the difference m — n and associates 0 to all other pairs. This is the 
set {((0,0),0),((0,1),0),((1,0), 1),((2,0),2),((1,1),0),((0,2),0)For example 
/(0,2) =0. 

The set-theoretic definition of a function can be thought of as a table listing the arguments 
in one column (first component) and the result of applying the function to the arguments 
in the second column. For instance, double is: 


0 

0 

1 

2 

2 

4 


A more customary way of writting the example functions is symbolically, e.g.: 


1- f(n) 

2- fin) 


= 7i + n. 
f n— 1 



if n > 0 
if n = 0 


3. f(m,n) = 


rri — n if m > n 
0 if m < n 


We shall also employ this shorthand notation. However it is important to keep in mind 
that a function is just a certain set. 

A function is sometimes called a total function to make explicit the difference from 
the partial functions introduced in the next subsection. The unqualified term function 
will always refer to a total function. 
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A.3.2 Infinite sequences 


Let S be some set. An infinite sequence of elements from S is a total function from IN 
to S. For example, the identity function i : IN —> IN defined by i(x) = x is a sequence, 
and the function i: IN —> IN x JN defined by i(x) = (z,2i) is a sequence. 

Instead of presenting a sequence by a function definition, one often simply writes the 
first few values z(0),z(l),z(2), etc. when it is obvious how i is then defined. For instance, 
the first sequence above would simply be written “0,1,2,...” and the second would be 
written “(0,0), (1,2), (2,4), (3,6),...” 


A.3.3 Partial functions 

A partial function from A into B is a correspondence which associates to every a in A 
at most one b in B , i.e. a subset f of Ax B such that for every a in A there is at most 
one b in B such that (a, b) G /. 

This is the same as a total function except that there is no definedness condition; a 
partial function may not have a result in B for some argument in A. However, when a 
partial function has a result for some argument, then it has only one result. 

If / is a partial function from A into B and (a, b) G / then we say that / is defined or 
converges on a, and we write /(a)|. If a is an element of A on which / is defined, and 
b is the unique element in B such that (a, b) is in /, we again write /(a) = b and call a 
and b the argument and result, respectively. 

If, on the other hand, for some a in A there is no b in B with (a, b) belonging to / we 
say that / is undefined or diverges on a and write /(a)j, or alternatively /(a) =J_. In 
these two notations one should not think of /(a) or _L as objects existing in B or some 
other set; the notations simply state that there exists no b G B such that (a, b) G /. If 
/(a)| and g(a)] we will even write /(a) = g(a). Again this simply means that / and g 
are both undefined on the value that they are applied to. 

The set of all partial functions from A into B is written A —> B±, and the fact that 
/ is a partial function from A into B is written / : A —>• B j_ . 

As an example of a partial function, consider / : IN x IN —» IN _l, which maps any pair 
(m,n) to the result of rounding — up to the nearest integer. For instance /(3,2) = 2. 

r r\ 

This function is defined on (m,n) if and only if n ^ 0, e.g. /(2,0) = _L. 

The cautious reader will have noticed a small error in the preceding example. Recall 
that TV x TV is the set of all pairs (m,n) where m,n G TV. Thus / associates to every 
(ra,n) with n/0 a number k in TV. Recall also that if a G A and g : A —» B± and 
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(a, b) G g we write b = g(a), that is, we put parentheses around a. Thus above we should 
have written /((3,2)) = 2, rather than /(3,2) = 2. However it is customary to drop one 
set of parentheses, and we shall also do so. 

For a partial function / : A —» FA the domain of / is the set 

dom(f) = {a G A \ f{a) 1} 

In case / is total, dom(/) = A 

The codomain of a total or partial function from A into B is the set B. 

The range of a total or partial function from A into B is the set 


rn g(/) = {b G B 


there is a a £ A such that /(a) = 6} 


A.3.4 Total versus partial functions 

Any total function is also a partial function. For a partial function / : A —» B± it may 
happen that for all a G A, f(a) is defined, i.e. dom(/) = A. In that case / is also a total 
function. 

There are two standard ways of obtaining a total function f from a partial function 

f • A—> B±: 

1. Remove all those elements of A on which / is undefined: Define f : dom(/) —» B 
by /'(a) = /(a) for all a G dom(/). 

2. Add a new element * to B and let that be the result whenever / is undefined: 
Define /' : A —> (BU {*}) by: f'(a) = /(a) for all a G dom(/), and f'(a) = * for 
a G A\dom(/). 

A.3.5 Equality of functions and partial values 

Recall that functions are just certain sets, and that two sets are equal if and only if they 
contain the same elements. This implies that two total functions f,g:A—>B are equal 
if and only if they are the same sets of pairs. Equal total functions / and g thus satisfy 
/(a) = g(a) for all a G A. 

Similarly, two partial functions f,g:A —» B± are equal iff dom(/) = dom(g) and for 
all a G dom(/) : /(a) = g(a ), i.e. iff for all a G A: 

1 . /(a) T and g(a)f; or 

2. /(a) l and g(a )| and f(a)=g(a). 
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If b,b' G B±, we write b os b' to indicate that both are in B and equal, or both are 
undefined. Thus partial functions f,g : A —» B± are equal iff /(a) ~ g(a) for all a G A. 


A.3.6 Some operations on partial functions 

The composition of two partial functions / : A —» B± and g : B —> C_l is the partial 
function {go f) : A —> defined by 


(s ° /) («) 


d(f( a )) if a G dom(/) and /(a) G dom(^) 




otherwise 


The function updating of two partial functions f,g:A —> £?_l is the partial function 
/ [g] : A —> L? j_ defined by 


f[9](a) 


g(a ) if a G dom(g) 
/(a) otherwise 


Note that if both g and / are undefined on a G A, then so is f[g\. 

A function / : A —> with finite domain dom (/) = {ai,a 2 , •.. ,a n } is also written 

ai i-> 6i,a 2 i-> 6 2 ,...,a n i-> b n ] where /(ai) = &i ,/(o 2 ) = & 2 ,...,/(a n ) = b n . (This is just 
a slight variant of the notation {(ni,^i), (a 2 ,6 2 ), ..., (a n ,6 n )} for /.) So (omitting a pair 
of square brackets) 


/[ai i-> bi,a 2 i-* b 2 ,...,a 


n 


b 


n 


is the function h: A—> B± such that /i(ai) = &i, /i(a 2 ) = 6 2 ,..., h{a n ) = & n , and /i(a) = /(a) 
for a G A\{ai,a 2 , ... ,a n }. 

Let /,# : X —>• 1R± for some set X. Then 

1. The sum f + g : X —» IR± is defined by: 


(f+g)(x) 


f(x)+g(x) if f(x)i and g(x) | 


_L 


otherwise 


2. The product f • g : X IR± is defined by: 


( f-g)(x ) 


f(x)-g(x) if /(x)| and g(a;)| 


_L 


otherwise 


3. The difference f — g : X —> ZR_l is defined by: 


( f-g)(x ) 


/(*) - fffa) if /WI and 


1 


otherwise 
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4. The quotient f /g : X —> ZR_l is defined by: 


(. f/a){x) 


f(x)/g(x) if f(x)i and g(x )| and g(x) ± 0 


_L 


otherwise 


5. Similar notation is used with a constant a G X in place of /. For instance, a • / 
X —> ZRx is defined by (a • f)(x) = a• /(x). 


In the special case where f,g are total functions (see Section A.3.4) the operations 1-3 
and 5 give as a result a total function. In 4 the result may be a partial function even 
when f,g are both total. 


A.3.7 Higher-order functions 

A higher-order function is a function that returns a function as its value. 

One example is twice : (IN —» IN) —> (IN IN) where by definition for any / : IN —> IN 

we have twice(f) = g where g(n) = f(f(n)) for all n G TV. 

Another example is apply : (TV —> TV) x TV —> TV where for any / : TV —> TV,n G TV 
we have apply(f,ri) = f(n). 

A.3.8 Lambda notation 

Lambda notation is a device to define a function without giving it a name. For instance, 
we have previously described the successor function as 

/ : TV —> TV, f(n) = n + 1 

Using the lambda notation this function could be written: 

An. n + 1 : TV —» TV 

The notation An.n+ 1 should be read: the function that maps any n to n+ 1. 

In the usual notation we write for example /(3) = 3+1. What we do when we write 
3 +1 on the right hand side of this equality is that we take the definition of /, f(n) = n +1 
and substitute 3 for n in the right hand side of the definition. In the lambda notation 
we do something similar by writing 

(An .n+l)3 = 3 + l = 4 

Note the unusual bracketing in this expression. 

We write functions of several variables, e.g. addition, as: 

(*) A(ra,n). ra + n : TV x TVTV 
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and for instance (A(m,n) .m + n) (3,4) = 3 + 4 = 7. 

Another slightly different function is a higher-order verion of the same: 

(**) Am. An. m + n : IN —> (IN —> IN) 

Whereas the first function expects a pair (m,n) and then gives m + n as result, the second 
function expects a number and then gives a function as result. For instance, 

(Am. An. m + n) 3 = An. 3 + n 

This function, “add 3” can itself be applied to some argument, for instance 

(Am .3 + m)4 = 3 + 4 = 7 

Thus 

((Am. An. m + n) 3) 4 = (An .3 + n)4 = 3 + 4 = 7 

It is clear that for any two numbers k,l G TV 

(A(m,n) .m + n) (k,l) = ((Am. An.m + n) k) l 

This suggests that one can represent functions of several variables by means of functions 
of just one variable. Indeed this holds in general as was discovered independently by 
several people. The transformation from a function like the one in (*) to the one in (**) 
is called currying after H. B. Curry, one of the discoverers of the idea. 

From now on multiple function applications associate to the left, so e\ e 2 e 3 means 
(eie 2 )e 3 . 

A.3.9 Injective, surjective, bijective, and monotonic total 

functions 

An injective function is a function / : A —» B such that for all a, a! G A, if a 7^ a' then 
/(a) 7 ^ /(a'). An injective function is also said to be one-to-one. 

A surjective function is a function / : A —> B such that for all b G B there is an a G A 
such that f{a) = 6 , i.e. if and only if rng(/) = B. Note that this does not follow from the 
fact that / is a function from A into B. A surjective function is also said to be onto. 

A bijective function is a function which is both injective and surjective. 

Examples: 

1. / : TV —» TV,/(n) = n + 1 is injective but not surjective. 

2. g : IN x IN — »IN,g(m,n) = m + n is surjective but not injective. 
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3. h : TV —» O, where O is the set of odd non-negative numbers, defined by h(n) = 
2 • n-b 1 is bijective. 

A function / : TV —» 12V is monotonic \in<m implies f(n) < /(m), and strictly monotonic 
if n < m implies f(n) < f(m). If a function / : TV —> TV is strictly monotonic then it is 
also injective, but not necessarily vice versa. 


A.3.10 Some useful functions 


We review some functions that are used in the remainder. 

The logarithmic function with base 2, log : IN —> IN is defined by: 


log(n) = 


0 if n = 0 

m otherwise, where m G TV is the largest number such that 2 m < n 


For instance, log(65536) = 16 since 2 16 = 65536. It is convenient to assume that log(O) = 
0. Thus log is a total function from IN into TV. 

For a non-empty set N of natural numbers mnx(N) denotes the largest number in N 
if it exists, and oo otherwise. Thus max is a total function from the set of non-empty 
subsets of IN into TVU {oo}, i.e. max : T , (TV)\{0} —> TVU {oo}. 

For a non-empty set N of natural numbers min (TV) denotes the smallest number in 
N. Such a number exists in every non-empty subset of TV. 


A.3.11 Comparing the growth of functions 

Below all functions are from TV into ZR + . Given a total function /. 

1. 0(f) (pronounced big oh) is the set of all functions g such that for some r G ZR + , 
and for all but finitely many n, 

g(n) < r • f(n) 

2. Fl(f) is the set of all functions g such that for some r G IR+ and for infinitely many 
n, 

g(n) > r ■ f (n) 

3. 0(/) is the set of all functions g such that for some r l 5 r 2 G ZR + and for all but 
finitely many n, 


ri-f(n) < g(ri) < r 2 -f(n ) 
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4. o(f) (pronounced little oh) is the set of all functions g such that 




lim t( \ 

n —>oo j (n) 


0 


If g G 0(f) then for some r the graph of g is below that of r • f = Xx .r • f(x) for all but 
finitely many arguments. If g G o(f) then the graph of g is below that of r • / = Xx . r • f(x) 
for all r > 0 and all but finitely many arguments. 

If g G 0(/) then for some 7 * 1 , r 2 the graph of / stays between the graph of r\ • / and 
V 2 • / for all but finitely many arguments. 

The following properties are useful. Their proofs are left as exercises. 


1. s e 0(/) iff g G 0 (f) and / € 0(g) 

2. j e 0(/) iff/ e0( 5 ) 


Some examples of the O- notation, whose proofs are also left as exercises: 


1. A n.k E 0(Xn . n), but An. n 0(Xn . k), for any k G IR+ . 

2. An. logn G 0(An. n), but An. n ^ 0(An. logn). 

3. An.n a G 0(An.6 n ), but A n.b n ^ 0(An.n a ), for all a,6 G ZR + . 


A common but sloppy notation is to write f = 0(g) instead of / G 0(g). Such notation 
is harmless as long as one keeps in mind that the = is neither symmetric nor transitive. 
Thus if / = 0(g) and h = 0(g) one should conclude neither O(g) = f which is meaningless 
nor f = h which may be plain wrong. 


A.4 Graphs 

A graph consists of a number of nodes and a number of edges between these nodes. For 
instance the following graph has three nodes and three edges. The edges have arrows in 
one direction, so this is a directed graph. 



More precisely, we define a directed graph to be a pair (V,E) where V is called the 
set of nodes or vertices and E C V x V is called the set of edges. The graph above is 
({1,2,3},{(1,2), (2,3), (3,1)}). An edge (x,y) G E may also be written as x —► y. 
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A path in (V,E) (from x\ to x n ) is a finite sequence x\,...,x n where n > 1 and 
Xi —» Xi +1 is an edge in E for each i with 1 < i < n. The length of the path is n. The 

empty path is the unique path of length 0. The path is a cycle if n > 0 and x\=x n . A 

graph is cyclic if there is a cycle in it, and acyclic otherwise. A DAG is a directed acyclic 
graph. 

We write 

• x\ —> ... —> x n for a path x \, x ^,..., x n 

• x —>* y if there is a path from x to y 

• x —> n y if there is a path from x to y of length n 

• x ^- n y if there is a path from x to y of length n or less. 

A directed graph with source and target nodes is a 4-tuple G= (V,E,vo,v en d) where 
v 0 ,Vend £ V and (V,E) is a directed graph. 

An undirected graph is a directed graph (V,E) such that E is symmetric: whenever 
edge (x,y) G E then we also have (y,x) G E. 

A.5 Grammars and finite automata 

A.5.1 Alphabets and strings 

A finite non-empty set is sometimes called an alphabet , in which case the members of the 
set are called symbols. If E = {ai,..., a*.} is an alphabet, a string over E is a sequence 
bib 2 .. .b m where m > 0 and each b* G E. For example, if E = {0,1}, then 11, 101, and 
100011 are all strings over E. The empty string £ is the unique string with m = 0. 

If x = bi... b m and y = ci... c n , then x and y are equal, written x = y, if m = n and 
bi = c i for all i G {1,.. .n}. If x = bi.. .b m and y = c \... c n , their concatenation is the 
string xy = bi... b m C!... c n . Ii z = xy then we say x is a prefix of z, and that y is a suffix 
of z. If z = xwy then we say w is a substring of z. 

If A, B are two sets of strings over E, then we define 

AB = {xy | x £ A,y e B} 

A * = {xiX 2 .-.x n | n > 0,£i,.. .,x n G A} 

A+ = {xiX 2 -.'X n | n> l,xi,...,x n Gd}(so A* = A + U{e}) 

The reverse of string x = bib 2 .. .b m is the string x = b m .. .b 2 bi, i.e. “x written back¬ 
wards.” 
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A. 5.2 Grammars 

A grammar includes a rewrite system P (as defined in Section 10.2.1), used as a tool 
to generate strings over an alphabet. We often write 8 ::= 7 instead of (4, 7 ) G P. For 
instance 

A ::= a4a 

A ::= bAb 
A ::= c 
A ::= aca 

with £ = {a,b,c} is a grammar. For conciseness we often group productions with the 
same left side, separated by the symbol “|” (pronounced “or”). Thus the four productions 
above could be expressed as one: 

A ::= a4a | bAb | c | aca 

The usage of a grammar is that one starts out with the start symbol S and then replaces 
non-terminals A (in particular S) by the right hand sides of their productions, so the 
preceding grammar, beginning with A, can generate strings over {a,b} like: 

aacaa 

aaabcbaaa 

bbaacaabb 

baacaab 

(What is the underlying structure of all these strings?) 

More formally, a grammar is a 4-tuple G = (AT, T, P, S) where 

1. N is an alphabet whose members are called nonterminals. 

2. T is an alphabet, disjoint from AT, whose members are called terminals. 

3. P is a string rewriting system over NUT such that (5,7) G P implies 8 ^ T*. 

4. S' is a member of N called the start symbol. 

In the preceding example 

1. N = {A}. 

2. T = {a,b, c}. 

3. P= {(A, a A a), (A,bAb), (A, c), (A,aca)}. 

4. S = A. 
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The requirement on 4 in part 3 of the definition of a grammar states that no production 
may allow a sequence of terminals to be rewritten further, hence the name “terminal 
symbol.” 

We now give precise definitions of one-step and multi-step rewriting. These are called 
the one-step derivation relation => and the multi-step derivation relation and are 
defined as follows where a,/3,p,cr G (7VUT)*: 


1 . a5(3 - 

=> < 27/3 iff 4 ::= 7 G P. 

2. If p = 

> 0 then p =7* 0 . 

3. 

P- 

4. If p = 

>* a and a =^>* 0 then p 0 


The set generated by a grammar G = (fV,T,P, S') is: 


L(G) = {xGf 



The set generated by our example grammar is the set of all strings xcx where x is a 
string of a’s and b’s, and x is the reverse string of x. 


A.5.3 Classes of grammars 

Some classes of grammars are particularly interesting, and well-studied for programming 
language applications. 

A regular grammar G = (iV,T, P, S) is a grammar in which every production is of 
form A ::= x or A ::= xB where A, B G N,x G T*. Our example grammar above is not 
regular. 

A context-free grammar G= (iV,T,P,S) is one such that in every production 5 ::= 
7 G P, S is a single nonterminal symbol. Our example grammar above is context-free. 

Clearly every regular grammar is context-free, but not necessarily vice versa. 

A context-sensitive grammar G= (7V,T, P, S) is one such that in every production 
cl ::= /3 G P, the length of (3 is larger than or equal to that of a , or a ::= (3 is S :: = 5 , and 
S does not appear on the right side of any production in P. 

Let G = (fV,T,P, S) be a context-free grammar. There is a specific form of one-step 
and multi-step rewriting where one always rewrites the left-most non-terminal. These are 
called the left-most one-step derivation relation =>/ and the left-most multi-step deriva¬ 
tion relation and are defined as follows where p,cr G (fVUT)*: 


1. aS/3 =7/ a^(3 iff S ::= 7 G P and a G T*,f3 G (A^UT)*. 
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2. If p =>i a then p a. 

3. p=>* t p. 

4. If p =>i a and a =^* a then p =>? <j. 


Sometimes one can generate the same terminal string from a context-free grammar by 
two different left-most derivation sequences. For instance, in our example grammar 

A =>i aca 


by the last production, but also 

A =>/ aia =>/ aca 

In this case the grammar is said to be ambiguous . 


A.5.4 Decidability problems for grammars 

We mention some decision problemsoncerning grammars and strings: 

1. The membership problem for grammar G = (7V,T, P, S') is: given a string x E T*, to 
decide whether or not x E L(G). 

2. The non-emptiness problem for G is to decide whether or not L(G) = 0. 

3. The completeness problem for G is to decide whether or not L(G) = T*. 

4. The ambiguity problem for context-free grammar G is to decide whether or not G 
is ambiguous. 

Some special cases of these problems are so important that they have their own names: 

1. CF 7 ^: The non-emptiness problem for context-free grammars. 

2. CFALL: the completeness problem for context-free grammars. 

3. CFAMB: the ambiguity problem for context-free grammars. 

4. REG 7 ^: The non-emptiness problem for regular grammars. 

5. RE GALL: the completeness problem for regular grammars. 

6 . REGAMB: the ambiguity problem for regular grammars. 
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A.5.5 Regular expressions 

One way to represent a set of strings is to find a grammar generating exactly that set. 
Another way is to find a regular expression. Let E be an alphabet. The set of regular 
expressions over E is defined as follows. 

1. 5 is a regular expression over E. 

2. If a E E then a is a regular expression over E. 

3. If r, s are regular expressions over E then so are (r | s), (rs), and (r*) 

To save parentheses we adopt the conventions that 

1 . * has the highest precedence; 

2 . concatenation has the second highest precedence, and associates to the left; 

3. | has the lowest precedence, and associates to the left. 

For instance the regular expression r = (((00)*) | (l((ll)*))) can be written shorter as 

( 00 )* | 1 ( 11 )*. 

As for grammars we define L(r), the set generated by the regular expression r, as 
follows: 

1. L(e) = 0; 

2. L(a) = {a} for every a G E; 

3. L{r | s) = L(r) U L(s); 

4. L(rs) = L(r)L(s); 

5. L(r*) = L(r)* 

where L(r)L(s) and L(r)* are defined in Subsection A.5.1. For the regular expression r 
above L(r) is the set of all strings consisting either of an even number of 0’s or an odd 
number of l’s. 

The cautious reader may have noticed that a certain class of grammars was called 
the regular grammars. This suggests some connection to the regular expressions. Indeed 
the following property holds: 

Proposition A.5.1 

1. For any regular grammar G there is a regular expression r with L(G) = L(r). 

2. For any regular expression r there is a regular grammar G with L(G) = L(r). 


On the other hand there are certain sets of strings that are generated by a context-free 
grammar but not by any regular expression or regular grammar. For instance, this is the 
case with the set of strings consisting of n a’s followed by n b’s. 
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A.5.6 NFA and DFA 

Grammars and regular expressions are compact representations of sets of strings. We now 
introduce a third kind of representation of a set of strings, namely a non-deterministic 
finite automaton , or NFA for short. Pictorially an NFA is a directed graph where every 
edge has a label, one node is depicted as the start node , and zero, one or more nodes are 
depicted as accept nodes. Here is an example where the start node stands out by having 
an arrow labelled “start” into it, and where the single accepting node has two circles 
rather than just one: 

start 

The idea of representing a set L of strings by this NFA is as follows. From the start node 
1 we can “read” a c and then proceed to node 2. From this node we can read any number 
of a’s without leaving the state and then read a b, jumping to node 3. Again we can 
read any number of a’s and then a c, jumping to the accepting node. Thus altogether 
we have read a string of form: ca... aba... ac. The set L consists of all the strings we 
can read in this manner; in other words, L is the same set of string as the set generated 
by the regular expression ca*ba*c. 

The reason why these automata are called “non-deterministic” is that there can be 
two different edges out of a node with the same label, and there can be edges labelled e, 
as illustrated in the following NFA, which accepts the set of strings generated by e ab ac: 


5 



More formally an NFA is a 5-tuple (Q,H,m,qo,F) where 

• Q is a set of states ; 

• £ is an alphabet; 

• m:Qx(SU {e}) —> V(Q) is a transition function that maps a state and a symbol 
to a set of states; 

• qo is a state, the start state ; 

• F is a set of states, the accepting states. 
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In the first example above: 

• Q = {1,2,3,4}; 

• E = {a,b, c}; 


m(l,c) = 

= {2} 

m(2,a) = 

= {2} 

m(2,6) 

= {3} 

m(3,a) = 

= {3} 

m(3,c) = 

= {4} 


• <7o = l; 

• ^={ 4 }- 

Formally, a string x = a\ ...a n with each a* G E is accepted by an NFA (Q,'E,m,qo,F) 
if there is a sequence of states qq, ... q n + 1 £ Q and symbols aq,..., a n G E U {e} such that 
m(qi,ai) 3 qi+i for all i G {l,...,n}, and q 0 = q 1 . Given an NFA TV, L(N) denotes the 
set of all strings accepted by TV, and this is called the language accepted by N. 

A deterministic finite automaton , or DFA for short, is an NFA such that no edge is 
labelled e and all edges out of the same node are labelled by different symbols. The first 
of the above NFAs is a DFA, the second is not. Formally, a DFA can be dscribed as a 
5-tuple (Q,E,ra,g 0 ,.F) where 

• Q is a set of states ; 

• E is an alphabet; 

• m:QxE -> Q is a transition function that maps a state and a symbol to a state; 

• qo is a state, the start state ; 

• F is a set of states, the accepting states. 

Note that m now maps from E (instead of EU{^}) to Q (instead of V(Q)). A string 
x = a\ .. .a n with each a* G E is accepted by a DFA (Q,E,m,5o,-F) if there is a sequence 
of states gi,...g n +i £ Q and symbols ai,...,a n G E U { 5 } such that m(^,a^) = qi+i for 
all i G {l,...,n}, and q 0 = gq. L(N) denotes the set of all strings accepted by the DFA 
N, and this is called the language accepted by N. 

It is easy to turn the second of the above NFA’s into a DFA accepting the same 
language. It is also easy, as we have done, to express the language accepted by the two 
NFA's by means of regular expressions. It is natural to wonder what the connections 
are in general between NFA’s, DFA’s, and regular expressions. This is settled in the 
following proposition. 
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Proposition A.5.2 the following conditions are equivalen for any language L: 

1. There is a DFA accepting L. 

2. There is an NFA accepting L. 

3. There is a regular expression generating L. 

4. There is a regular grammar generating L. 

Proofs of these properties can be found in [3]. 

In constructing 2 from 1, the number of states of the two automata are the same since 
any DFA may be converted into an equivalent NFA by a trivial change in the transition 
function (to yield a singleton set of states instead of one state). In constructing 1 from 
2, the DFA may have as many as 2 n states where n is the number of states of the NFA. 
In constructing 2 from 3, the NFA has at most twice as many states as the size of the 
regular expression. 


A.6 Induction 


A.6.1 Inductive proofs 


Consider the formula 

« 


1 T 2 T ...-(- n — 


n(n-\- 1) 
2 


Is this equation true for all n G IN? 1 If n = 0 it states that 2 0 = (0 • l)/2 which is true. 
For n = 1 it states 1 = (1 • 2)/2 which is true. For n = 2,3 it states that 1 + 2 = (2 • 3)/2 
and 1 + 2 + 3 = (3 • 4)/2, which are both true, and so on. 

The formula seems to be true for all examples. However this does not constitute 
a proof that it really is true in all cases. It could be that the formula fails for some 
number. 3 On the other hand, if we don’t know what n is, we need a general technique 
to prove the equation. 

Suppose we could prove the following. 


1 . (*) holds for n = 0. 

1 Recall that predicates are certain sets. In this section we often discuss whether or not something 
holds or is true. This always boils down to set membership, cf. Section 12.2. 

2 By convention l + 2 + ...+n = 0 when n = 0. 

3 Allenby [5] mentions a a striking example of this kind. Consider the following property that a number 
n may or may not have: n can be written as n 3 + + n 3 + n| + n 3 + nf. + n 3 + where ni,...,ns G IN. 

It turns out that the property holds for all natural numbers except 23 and 239. 
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2. Whenever (*) holds for some number n it also holds for n+ 1. 

Then (*) would hold for 0, for 1, for 2, and so on. The principle of mathematical induction 
states that if the above two properties hold then (*) holds for all numbers: 


Mathematical induction. If for some predicate P(n) on TV, P(0) is true, and 
it holds that for all n G TV P(n) implies P{n-\- 1), then P(n) holds for all 
n G TV. 


We can prove (*) by applying this principle, using (*) in place of P(n): 

Base case: If n = 0 then (*) states that 0 = 0 • 1/2 which is true. 

Induction Step: Suppose that (*) holds for some n. (This is called the induction 
hypothesis). Then 


1 T 2 T • • • T n — 


n(n + 1) 
2 


Then 


I 2, 71 (n 1) 


^±^ + (n + l) 

n(n+1) , 2(n+l) 

2 ' 2 
n(n+l)+2(n+l) 

2 

(n+l)(n+2) 


so (*) also holds for n+1. 

Hence by mathematical induction, (*) holds for all n G TV. 

If one wants to prove for some predicate P(n) that P(n) holds for all n > 1 one must 
prove in the base case that P(l) holds and prove for all n > 1 that P(n) implies P(n-\- 1). 

For a predicate P(n) it sometimes happens that we can prove P(n-\- 1) more easily if 
we know that P(k) holds not only for k = n but for all k <n. This can be stated as the 
mathematically equivalent principle of complete induction or course-of-values induction: 


Complete induction. If for some predicate P(n) on TV P(0) is true, and it 
holds that P(k) for all k < n implies P(n+ 1), then P(n) holds for all n G TV. 


Again if one proves P( 1) in the base case, the conclusion is that P(n) holds for all n > 1. 
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A.6.2 Inductive definitions 


One can define objects inductively (or recursively). For instance, the sum s(n) = 1 + 2 + 
... + n can be defined as follows: 

s(0) = 0 

s(n+l) = (n+l) + s(n) 

More generally we may use: 

Definition by Recursion. If S is some set, a is an element of 5, and g : 

S x IN —> S is a total function, then the function / : IN —> S 

f( 0) = a 

f(n +1 ) = g{f(n),n ) 

is well-defined. 


In the preceding example S was TV, a was 0, and g(x,n) = (n+ 1) + ax 
VIany variations of this principle exist. For instance: 


1. /(n +1) may use not only n and /(n), but all the values 0,... ,n and /(0),..., f{n). 

2. Function / may have more parameters than the single one from TV. 

3. Several functions may be defined simultaneously. 


As examples of the three variations: 


1. The fibonacci function / : IN —»IN is defined by: 


m = i 

/(i) = i 

f(n + 2) = /(n + l) + /(n) 


2. The power function A (m, n). m n : IN x IN ^ IN is defined 





n+l 


m • m 



3. The functions even : IN —> {T,+} returning T iff the argument is even, and odd : 
TV —» {T, +} returning T iff the argument is odd can be defined by mutual recursion: 

even(0) = T 
even(n+l) = odd(n) 


odd(0) 
odd(n+ 1) 


F 

even (n) 
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A.6.3 Other structures than numbers 

The set of strings generated by a grammar can be viewed as defined inductively. Here is 
an example: 

A parenthesis string is a string over the alphabet {(,)}. The set of all balanced 
parenthesis strings is defined as the set of strings generated by the following grammar: 

5 ::= e 
S ::= SS 
S ::= (, S) 

Example strings generated by the grammar: () and (()()) and (()(()))• Some examples, 
not generated by the grammar: )( and ()(() and ())). 

There is a well-known algorithm to test whether a parenthesis string is balanced. Let 
l(x) and r(x) be the number of left and right parentheses in x, respectively. A prefix of 
x is a string y such that x = yz for some z, i.e. an initial part of x. Claim: a parenthesis 
string x is balanced iff l(x) = r(x) and for all prefixes y of x l(y) < r(y). 

Actually we can prove correctness of this claim. This has two parts. First, that 
any string x generated by the grammar satisfies the test; and second, that any string 
satisfying the test is also generated by the grammar. 

For the first part, the proof is by complete induction on n, the number of steps in the 
derivation S =>* x, with base case n= 1. So P(n) is: any string x in a derivation S =>* x 
with n steps satisfies the test. 

Base case. If n = 1 then the derivation must be S =>* e (remember that every derived 
string consists only of terminals). Clearly, 1(e) = 0 = r(e), and since the only prefix of e 
is e itself, l(y) < r(y) for all prefixes y. 

Induction step: Suppose all strings generated in n or fewer steps from the grammar 
satisfy the test, and consider some string x generated in n-\- 1 steps. The rewriting must 
begin with either S => S S or S => (S). 

We consider first the case beginning with S S S. Here x has form uv where S =>* u 
and S v are derivations in n or fewer steps. By induction hypothesis the test holds 
for both u and v. Then 

l(x) = l(uv) 

= l(u) + l(v) 

= r(u) + r(v) 

= r(x) 

Now we only need to show that l(y) < r(y) for any prefix y of x = uv, so let y be some 
prefix of x. If y is a prefix of u then l(y) < r(y) by induction hypothesis. If y is not a 
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prefix of u then y = uw where w is a prefix of v. Then by induction hypothesis: 

l(y) = l(uw) 

= l(u)-\-l(w) 

= r(u) + l(w) 

< r(u) +r(w) 

= r(uw) 

= r(x) 

as required. 

The case where the derivation begins with S (S) is left as an exercise, and the proof 
of the remaining part , that any string x satisfying the test is generated by the grammar, 
is also an exercise. 

Induction proofs occur frequently in computability and complexity theory as well as 
in other branches of theoretical computer science. The only way to get to master such 
proofs is to try and do a number of them. Therefore the reader is strongly encouraged 
to try out Exercises A. 17 and A. 18. 

A.7 Pairing functions 

A pairing decomposition of set X consists of three total functions 

pr : A x A -> A, hd : A -> X,tl : A -> A 
such that for all x,y G X and all z G rng(pr): 

hd(pr(x,y)) = x 
tl(pr(x,y)) = y 

In a pairing decomposition pr is called a pairing function. 

The pairing function pr is one-to-one since pr(x,y) =pr(x',y') implies that x = 
hd(pr(x,y)) = hd(pr{x',y')) = x' and similarly for y,y'. Function pr need not be onto, 
although such functions do exist. 

There are several pairing functions for the set IN of natural numbers. One example is 
pri(x,y) = 2 X • 3 y . To understand that one can find corresponding hd,tl one must know 
that if 2 x 3 y = 2 a 3 b then x = a and y = b. This follows from the fundamental theorem 
of arithmetic : Any n/0 can be written in exactly one way as a product p^p^ 2 • • -PnC 
where pi < p 2 < ... < p m are prime numbers and 711,712 ... ,n m are all numbers different 
from 0. 
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For a more economical example in which pr is onto, consider the pairing decomposition 
where the pairing function is pr%(x,y) = (x -\- y) (x -\- y -\-1)/2 y = (x 2 + 2 xy + y 2 + x + 
Sy)/2. This pairing is surjective. 

This can be illustrated by the figure: 


y 

• 

• 

• 

• • • 

• • • 

• • • 

• • • 


4 

10 

• • • 

• • • 

• • • 


3 

6 

11 

• • • 

• • • 


2 

3 

7 

12 

• • • 


1 

1 

4 

8 

13 


0 

0 

2 

5 

9 

14 ... 


0 

1 

2 

3 

4 ... x 


In both of the two last pairing decompositions the pairs in the sequence 

{(0,0),(0,1),(1,0),(2,0),(1,1),(0,2),(0,3),...} 

receive increasing values by the pairing function, and in the last example these values 
are even consecutive. Further, Polya has proven that any surjective polynomial pairing 
function must be identical to pr^(x,y) or its converse pr±{x,y) = prs(y,x). 


Exercises 

A.l 

1. Place the implicit parentheses in the boolean expression p —iq => —iq o -i p -i q 

2. Convert the expression to CNF and indicate which equations you use. 

3. Given the truth assignment 9(p) = true , 0(q) = false , what is the value of the 
expression in question 1? What is the value of the CNF-converted expression? 

A boolean expression is called satisfiable iff there exists a truth assignment for 
the variables of the expression such that the value of the expression is true. It is 
called valid iff the value of the expression is true under all truth assignments of the 
variables. 

4. Is the expression in question 1 satisfiable? Is it valid? □ 
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A.2 Suppose / : A —» B± and g : B —> Cj_ are two partial functions. What function is 
the set 


h = {(a,c) G A x C | there is a b G B : (a, 6) G / and (6,c) G g}? 


Give a similar explicit description of /[<?]. 



A.3 Prove 1-3 in Subsection A.3.9. 



A.4 Prove that if / : A —» B is a bijective function then there exists exactly one function 
f~ l : B —> A such that: /(a) = b if and only f~ l (b) = a. The function / _1 is called the 
inverse of /. □ 

A.5 Prove that if / : A —» B is an injective function then there exists exactly one function 
f- 1 . rn g(/) —> A such that: /(a) = b if and only f~ l {b) = a. The function / -1 is again 


called the inverse of /. □ 

A.6 Prove that the inverse of an injective function is surjective. □ 

A.7 Give an example of a function which is neither injective nor surjective. □ 

A.8 What is the inverse of the composition of two bijective functions? □ 

A.9 Show that if / G 0(g) and g G 0(h) then f G 0(h). □ 

A. 10 Prove the five properties at the end of Section A.3.11. □ 


A. 11 Suppose / G O(f') and g G O(g'). Which of the following are true? 

1- f + 9 £ 0(f' + g'). 

2. f-geO(f'-g'). 

3. f/g e 0(f/g f ). 

4. Suppose that f — g and f' — g' are functions from IN into ZR + . Then / — g G 

O(f-g'). ' ' □ 

A. 12 Construct NFAs accepting the following regular expressions: 

1. (a\b)* 

2 . (a*lb*)* 

3. ((e\a)b*)* 


n 
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A. 13 Convert the NFAs of the preceding exercise into DFAs. □ 

A. 14 Give a regular expression generating the language accepted by the following NFA: 


£ 



□ 

A. 15 Convert the NFA of the preceding exercise into a DFA. □ 

A. 16 What is wrong with the following alledged induction proof? 

A set of natural numbers is odd if all its members are odd. 

Claim: Every finite set of natural numbers N is odd. 
proof: By induction on the number of elements in N. 

Base case: n = 0. Then trivially all elements are odd, since there are no elements 
[the rat is not buried here]. 

Induction step: We assume that all sets with n members are odd and must show 
that all members with n + 1 members are odd. Let S have n + 1 members. Remove one 
element l and let the resulting set be called L. Since L has n members the induction 
hypothesis guarantees that L is odd. Now put l back and take another element k out 
resulting in a set K. K again has n elements and so is odd. In particular l is odd, and 
since S = LU {/} and L is odd, S is odd. □ 

A. 17 Prove the last case in the proof that every string generated by the grammar for bal¬ 
anced parenthesis strings satisfies the test for parenthesis strings (see Subsection A.6.3). 

□ 

A. 18 Prove that every parenthesis string satisfying the test in Subsection A.6.3 is also 
generated by the grammar in the same subsection. Hint: use induction on the number 
of symbols in the string x with base case 0. In the induction step argue that since x 
satisfies the test, x must have form (y) where y satisfies the test, or vw where v and w 
satisfy the test. Then use the induction hypothesis. □ 


A. 19 Give algorithms to compute hd and tl for the three pairing decompositions in 
Section A.7. □ 
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References 

Most of the contents of this appendix is covered by many books on discrete mathematics. 
For more specialized texts, an excellent introduction to sets and functions can be found in 
Halmos’ book [61], and finite automata are covered by the classic text by Aho, Hopcroft, 
and Ullman [2]. 
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